You can also give the LLM hidden messages with a small bit of prompting, e.g. https://umpox.com/zero-width-detection

It’s technically possible to prompt inject like this. I actually reported this to OpenAI back in April 2023 but it was auto-closed. (I mean, I guess it’s not a true vulnerability but kinda funny it was closed within 5 mins)