book-sft-pipeline

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md pipeline explicitly ingests third‑party book content (Phase 1: extract_epub using extract_epub(path)), references public datasets/links (Hugging Face, arXiv) and web fetch examples, and then uses that untrusted text in segmentation (including LLM-assisted Tier2 segmentation) and instruction-generation steps that directly feed dataset construction and training — i.e., external/user-provided content is read and can materially change downstream tool behavior.