newsletter-campaign-workflow

This file is a workflow and developer documentation/skill manifest for newsletter campaign processing. It describes expected DB filters, cron jobs, AI integration, and step-by-step workflows. I found no evidence of malicious code, obfuscated payloads, download-and-execute commands, or explicit credential harvesting patterns in the provided text. The primary security concerns are operational: ensuring the runtime implementations of callAIWithPrompt and the Supabase admin client do not leak credentials, that all DB queries properly include publication_id to prevent cross-tenant data leakage, and that logs do not expose sensitive data. No direct supply-chain or exfiltration indicators are present in this document itself.