typst
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its document processing workflow. 1. Ingestion points: The
typst compileworkflow and data-loading functions (docs/reference/data-loading/) process external content. 2. Boundary markers: Absent; no instructions provided for content delimitation. 3. Capability inventory: The skill allows access toBash,Read, andWritetools. 4. Sanitization: Absent; no explicit sanitization of interpolated data is described. - [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to run thetypst compilecommand for document validation, which is an expected behavior for its primary purpose. - [EXTERNAL_DOWNLOADS]: The Typst environment documented in the skill supports automated package retrieval from the Typst Universe registry.
Audit Metadata