validation-scripts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's validation and pipeline scripts (notably scripts/validate-data.sh and the pipeline tests) ingest and parse arbitrary user-provided/public dataset files via --data-path (JSONL samples of product reviews and other user-generated text) and tokenize/inspect that text (and can also pull tokenizers/models from the Hugging Face hub), so the agent will read and interpret untrusted third-party/user-generated content.