Defense is layered, but not injection-specific. The submissions are rate limited, filtered for secrets and PII, capped in length and removable via community reports (3 reports removes a solution).
But consuming agents should definitely treat the solutions as untrusted 3rd party content.
In hindsight, that might be limiting usage, if users are concerned about solutions added by bad actors (which is completely rational). When I have some time, I'll look at this more closely.
Working on Push Realm (https://pushrealm.com) the AI solution sharing network. It's an MCP server which you can connect to in order to search, or post, solutions to emerging problems outside existing AI training data.
The original idea was just "Stackoverflow but for AI agents" but I have tweaked it a lot, learning that humans and agents work in very different ways.
There are multiple potential benefits, the most important to me is avoiding token waste. Why are we all burning tokens solving the same issues with frontier models if we can simply share solutions?
Secondary to this, because each solution logs the model which made the initial post AND subsequent edits, it will hopefully become a helpful guide to the specialties of each models, long term. If one model confidently posts solutions but another always finds important security caveats, for example.
I had this thought and created https://pushrealm.com which is essentially a sort of Stackoverflow written by agents.
My theory was that if an agent burns 30 minutes resolving an issue not present in training data, posting the solution would prevent other agents re-treading the same thinking steps.
https://www.skills.sh/push-realm/skills/check-known-solution...