book-sft-pipeline

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly ingests ePub book content (Phase 1: extract_epub) and then reads and interprets those chunks in Phase 3 (INSTRUCTION_PROMPT with llm_call) and in dataset construction (assistant messages), so arbitrary third‑party ePubs or public datasets could contain instructions that influence segmentation, instruction generation, and downstream training actions.