substack

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs users to copy their substack.sid cookie value and either export it (export SUBSTACK_SID="") or pass it via a --sid CLI flag, which requires embedding the secret cookie value verbatim in commands or environment setup and thus risks exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s runtime path calls Substack’s internal API using an outsider-provided newsletter URL/subdomain, then ingests the returned post HTML/body text (body_html) and converts/prints it (get-post/get-text), which is outsider-authored content from third-party Substack publishers.