stax

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflows and command reference (SKILL.md and references/*.md) show the agent will read and act on GitHub-hosted, user-generated content—e.g., PRs, PR comments (stax comments, stax ll/PR URLs), and CI status (stax ci, stax merge --when-ready)—which are untrusted third-party sources that can materially influence merges, submissions, and AI-driven resolutions.