substack-tools

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its newsletter crawling features.
    • Ingestion points: The crawl and crawl-feed commands in scripts/substack_crawl.py retrieve content from external Substack URLs.
    • Boundary markers: Crawled content is saved as Markdown files with YAML frontmatter headers (in the save_post function), providing structural separation that may not fully isolate the agent from embedded instructions.
    • Capability inventory: The scripts/substack_cli.py script has the capability to draft, schedule, and publish posts to a user's Substack account.
    • Sanitization: The skill uses BeautifulSoup and markdownify to strip some HTML elements, but it preserves the main text content where instructions could be hidden.
  • [COMMAND_EXECUTION]: The skill executes Python scripts to perform its core functions, including interacting with the Substack API and performing file system operations like reading local drafts and writing crawled articles to the disk.
  • [EXTERNAL_DOWNLOADS]: Fetches newsletter data, RSS feeds, and archive information from Substack's public API and feeds (substack.com) as part of its scanning and crawling functionality.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 03:03 PM