merge-stack

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "Discover the stack" step calls gh pr list (in SKILL.md) to ingest GitHub PR metadata (titles, branch/base names, descriptions) from user-contributed third-party sources and then uses that data to determine retargeting and merge actions, so untrusted PR content can materially influence tool behavior.