trmnl-paper-takumi
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The
render_scene.tsxscript fetches font CSS and binary files from Google Fonts (fonts.googleapis.com) to support custom typography during the image rendering process. This is a legitimate use of a well-known service. - [COMMAND_EXECUTION]: The skill uses
tsxto execute therender_scene.tsxscript, which orchestrates the rendering pipeline using the@takumi-rslibrary. - [DYNAMIC_EXECUTION]: The
render_scene.tsxscript utilizes dynamicimport()to load React components from user-specified local file paths (scenes). This allows the tool to be flexible in processing different templates provided by the user. - [DATA_EXPOSURE]: The skill includes a Python script
wrap_image_markup.pythat generates TRMNL-specific markup. It correctly uses HTML escaping for attribute values (such as image URLs) to ensure safe output generation.
Audit Metadata