substack-tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's scan/crawl features (see SKILL.md "scan / crawl" and scripts/substack_crawl.py: fetch_feed, fetch_archive, crawl_post, crawl_post_api) explicitly fetch and parse public Substack RSS, archive API endpoints, and arbitrary article URLs (untrusted, user-generated content) as part of its runtime workflow, which the agent reads/uses (prints/saves and drives subsequent processing), exposing it to potential indirect prompt-injection from third-party content.