backend-go-dependency-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required "AI Agent Rule: Ask Before Adding Dependencies" explicitly instructs the agent to check third-party GitHub repo metadata (e.g., "check via gh repo view") and to read changelogs/migration guides and other external resources when evaluating packages, which means the agent will fetch and interpret untrusted, user-generated web content (GitHub, changelogs, external visualization sites) that can materially influence whether it runs tools like go get.