go-feature-flag

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly documents the relay retriever fetching flag config from open/public sources (RETRIEVER_KIND=http|github|s3 and examples like RETRIEVER_URL and RETRIEVER_REPOSITORY_SLUG), and those externally-hosted flag files are parsed at runtime and directly influence feature-evaluation and subsequent behavior.