typst-cards

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's prerequisite includes a runtime installation command that downloads and installs a Typst binary from https://github.com/typst/typst/releases/latest/download/typst-x86_64-unknown-linux-musl.tar.xz, which fetches remote executable code that would be run as part of the skill flow and is a required dependency.