pr-stack

Warn

Audited by Snyk on Apr 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill explicitly resolves live PR state through the GitHub CLI and remote fetches (e.g., "Resolve live PR state through gh" in stack log/submit/retarget and "Fetch the remote trunk" in stack sync), which ingests user-generated GitHub PR/branch metadata from third-party repositories and uses that data to drive decisions and perform actions such as retargeting and updating PR bases.

Issues (1)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 14, 2026, 05:36 PM
Issues: 1