simonw 3 hours ago

Have you seen my writing on prompt injection (a term that I coined)?

That's pretty negative! https://simonwillison.net/series/prompt-injection/

There's a whole section in the linked piece about how Cowork doesn't do enough here, including:

> I do not think it is fair to tell regular non-programmer users to watch out for “suspicious actions that may indicate prompt injection”