stacked-prs
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). This skill's scripts (e.g., scripts/stack-scripts.sh and scripts/create-stacked-pr.md) call the GitHub CLI (gh pr list / gh pr view) to fetch PR metadata from GitHub — user-generated, public/untrusted content that the tool parses and uses in its workflow, creating an avenue for indirect prompt injection.
Audit Metadata