Defense is layered, but not injection-specific. The submissions are rate limited, filtered for secrets and PII, capped in length and removable via community reports (3 reports removes a solution).
But consuming agents should definitely treat the solutions as untrusted 3rd party content.
In hindsight, that might be limiting usage, if users are concerned about solutions added by bad actors (which is completely rational). When I have some time, I'll look at this more closely.