substack-publisher

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill is installed from an untrusted GitHub repository (apetcu/substack-skill) not included in the trusted organization whitelist. Per [TRUST-SCOPE-RULE], this is flagged for review.
  • [CREDENTIALS_UNSAFE] (HIGH): Documentation instructs users to provide a SUBSTACK_SID session cookie. Session cookies grant full access to the browser session and account; sharing them with scripts from untrusted sources is a critical security risk.
  • [PROMPT_INJECTION] (HIGH): The skill creates an indirect prompt injection surface by processing external markdown content.
      • Ingestion points: Command-line argument for markdown file path (<file.md>).
      • Boundary markers: None present in the documentation or examples.
      • Capability inventory: Access to the Substack API with permissions to create drafts and publish articles.
      • Sanitization: No sanitization or validation of external markdown content is documented before it is converted to API payloads.
  • [COMMAND_EXECUTION] (LOW): The skill executes a local Python script (scripts/publish_to_substack.py) to perform its primary functions.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 10:35 PM