substack-ghostwriting

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 0 "Voice calibration" explicitly requires asking for the user's Substack URL and "fetch 2-3 recent posts" (SKILL.md Phase 0), and the voice-matching reference likewise instructs ingesting transcripts, tweets, and other social/published sources—all untrusted, user-generated third-party content that the agent must read and that will directly shape voice guides and downstream writing/decisions.