stax

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and acts on user-generated GitHub PR data — e.g., the stax comments command and the "Respond to PR feedback" workflow in references/workflows.md / SKILL.md — meaning agents will ingest untrusted PR/comments/CI state from third-party sources which can materially change actions like commits, restacks, submits, and merges.