typst
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides high-quality documentation and utilities for the Typst typesetting system. All identified behaviors, including the use of local Python scripts, are consistent with its stated purpose of assisting with document creation, package development, and performance profiling.
- [COMMAND_EXECUTION]: Several scripts (
scripts/search-packages.py,scripts/validate-examples.py) and agent instructions (agents/typst-verify.md) use shell commands to interact with thetypstCLI. These are used legitimately for checking versioning, compiling documents, and extracting metadata. - [EXTERNAL_DOWNLOADS]: The documentation references official and well-known community resources, such as the Typst Universe package registry and established ecosystem tools like
typstyleandtytanic. These are standard tools within the Typst ecosystem. - [DYNAMIC_EXECUTION]: The
scripts/validate-examples.pyscript extracts Typst code blocks from Markdown files and executes them using thetypst compilecommand. This is a functional requirement for validating documentation examples and is implemented using safe subprocess calls with argument lists rather than shell strings.
Audit Metadata