golang-gin-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly ingests and interprets untrusted, user-generated content at runtime — e.g., JSON request bodies via c.ShouldBindJSON in SKILL.md/internal/handler/user_handler.go, multipart file uploads in references/routing.md (UploadAvatar/UploadDocuments), and WebSocket messages in references/websocket.md (EchoHandler/ChatHandler) — which can materially influence actions the service takes (creating users, saving files, broadcasting messages), so it exposes the agent to third-party content that could carry indirect instructions.