weasyprint
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides exhaustive instructions for installing the
weasyprintPython library and its required native dependencies (such as Pango, HarfBuzz, and Fontconfig) through standard distribution channels like pip, apt, brew, and pacman across Linux, macOS, and Windows platforms. - [COMMAND_EXECUTION]: The skill contains utility scripts (e.g.,
scripts/render-courtbouillon-sample.shandscripts/render-all-courtbouillon-samples.ps1) that execute local shell commands. These scripts are used to run the WeasyPrint command-line tool against the included HTML and CSS templates to generate sample PDF files. - [COMMAND_EXECUTION]: Technical documentation within the skill (specifically in
common_use_cases.md) contains command-line snippets usingsudofor administrative tasks such as configuring self-signed SSL certificates and updating certificate authority bundles on a server. - [SAFE]: The skill includes dedicated security modules (
security-untrusted-html.md,security-url-fetcher.md) that proactively warn about risks like SSRF, information leaks, and path traversal when processing untrusted input. It provides best-practice hardening examples, including the implementation of custom URL fetchers to block sensitive protocols likefile://.
Audit Metadata