go

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill tells the agent to fetch and read dependency source files using "go mod download -json MODULE" and then read the returned Dir path, which causes the agent to ingest open/public third-party module code (untrusted user-generated content) as part of its workflow.