pp-substack

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and ingests public, user-generated Substack content (e.g., commands like substack-pp-cli posts get-by-slug, profiles get-by-handle, notes list-by-profile, inbox home, and discover) and returns JSON via --agent that the agent is expected to read and act on (e.g., discover patterns and recs find-partners feed into drafting/outreach decisions), so untrusted third-party content can materially influence subsequent tool use and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs the agent at runtime to fetch and install remote code (via "npx -y @mvanhorn/printing-press install substack --cli-only" and "go install github.com/mvanhorn/printing-press-library/library/media-and-entertainment/substack/cmd/substack-pp-cli@latest"), which executes externally sourced code and is a required dependency for the skill.