If inside a procedure or function is a private subprogram then it's not necessary to validate the input parameters!?

create or replace procedure demo(i_para in number) authid definer
is
  c_para constant pls_integer not null:=i_para;
  procedure internal(i_para in number) is
  begin
    null;
  end internal;
begin
  internal(i_para => c_para);
  null;
end demo;

(G-8310: Always validate input parameter size by assigning the parameter to a size limited variable in the declaration section of program unit.)

If inside a procedure or function is a private subprogram then it's not necessary to validate the input parameters!?

Not in this case. However, there are cases where this might be useful.

IMO the rule is implemented correctly. If you think there should be an exception for private subprograms then I suggest to open a issue in this repository: https://github.com/Trivadis/plsql-and-sql-coding-guidelines .