golang-samber-ro

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill’s documentation and examples (SKILL.md, references/patterns.md and references/plugin-ecosystem.md) explicitly show ingesting external data via HTTP/WebSocket and other plugins (e.g., http plugin Get, WebSocket stream in Pattern 2, rofsnotify.Watch) and then acting on that data (updateDashboard, sendAlert, processBatch), so untrusted third‑party content could be read and materially influence pipeline behavior.