mergify-stack

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and commands (e.g., "mergify stack checkout NAME" and "mergify stack sync") explicitly fetch and read stacked PRs, commit messages, CI and review data from GitHub (third‑party, user‑generated content) which the agent is expected to interpret and act on, so untrusted external content can influence tool use and decisions.