typst-paper

Pass

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts/online_bib_verify.py script makes network requests to api.crossref.org and api.semanticscholar.org. These are well-known and trusted academic services used to verify bibliographic metadata and DOI validity. The data sent to these services is restricted to publication titles and DOIs.
  • [COMMAND_EXECUTION]: The skill executes the typst command-line utility via subprocess calls in scripts/compile.py to compile manuscripts and list system fonts. This is a standard and necessary function for a document preparation assistant.
  • [PROMPT_INJECTION]: The skill ingests untrusted manuscript text (e.g., abstract and experiment sections) and interpolates it into prompts for the AI agent to facilitate analysis and rewriting. While this presents an indirect prompt injection surface, it is consistent with the primary purpose of a writing assistant, and the instructions prioritize preserving the manuscript's internal Typst syntax and labels.
Audit Metadata
Risk Level
SAFE
Analyzed
May 23, 2026, 05:32 PM
Security Audit — agent-trust-hub — typst-paper