merge-stack

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly fetches PR data from GitHub using commands like gh pr list and gh api (third-party, user-generated PR titles/branches/bodies) and uses that live content to decide which PRs to retarget and merge, so untrusted external content can materially influence agent actions.