Skills
skills/nanameru/substack-mcp/substack-article/Gen Agent Trust Hub

substack-article

Warn

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [DATA_EXFILTRATION]: The skill uses the pycookiecheat library to access Chrome's encrypted cookie database and interacts with the system Keychain on macOS to manage Substack authentication sessions.
  • [COMMAND_EXECUTION]: The thumbnail generation process in templates/thumbnail-prompt.md uses a Python script template that incorporates user-supplied text via direct string interpolation. This creates a risk of code injection if inputs contain malicious Python syntax.
  • [EXTERNAL_DOWNLOADS]: The skill depends on external Python packages pycookiecheat and python-substack, and references the substack-mcp repository for core tool functionality.
  • [COMMAND_EXECUTION]: The workflow requires executing command-line setup tools (substack-mcp-setup) and may involve system-level security prompts to access authentication credentials.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 9, 2026, 06:46 AM
Security Audit — agent-trust-hub — substack-article