Closed
Description
The following code violates the rule "G-9501: Never use parameter in string expression of dynamic SQL. Use asserted local variable instead.". But no violation is detected:

```sql
create or replace procedure exec_sql(in_sql in varchar2) is
   -- the parameter is copied unchanged into a constant
   co_sql constant varchar2(1000 char) := in_sql;
begin
   execute immediate co_sql;
end exec_sql;
/
```
This code detects a violation.
```sql
create or replace procedure exec_sql(in_sql in varchar2) is
   -- the parameter is copied unchanged into a local variable
   l_sql varchar2(1000 char) := in_sql;
begin
   execute immediate l_sql;
end exec_sql;
/
```
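For contrast, a form that follows the wording of G-9501 by passing the parameter through `sys.dbms_assert` before it reaches a constant used in the dynamic SQL string. This is an added example, not code from the issue or the project; the function name `count_rows` and the parameter `in_table_name` are hypothetical.

```sql
-- Added example: count_rows and in_table_name are hypothetical names.
create or replace function count_rows(in_table_name in varchar2) return integer is
   -- The parameter is asserted before it is assigned. sql_object_name returns
   -- the value unchanged when it names an existing SQL object and raises
   -- ORA-44002 otherwise. Because the call sits in the declaration section,
   -- that exception propagates to the caller and cannot be handled here.
   co_table_name constant varchar2(261 char) :=
      sys.dbms_assert.sql_object_name(in_table_name);
   -- Only the asserted constant is concatenated, never the raw parameter.
   co_sql        constant varchar2(1000 char) :=
      'select count(*) from ' || co_table_name;
   l_count       integer;
begin
   execute immediate co_sql into l_count;
   return l_count;
end count_rows;
/
```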