Yet another example illustrating an inconvenient truth: If you build a RAG system that can be used to process data from untrusted sources, and you include the ability to embed images from or links to external domains, then you're going to have prompt injection exfiltration holes

→ View original post on X — @simonw,