> nor do I think it should be considered a prompt injection at all

Can we stop the apologetic framing? It's increasingly common to create exploits from multiple vulnerabilities. Each one is bad. Downloading corporate malware is stupid. Adding random prompt injection is reckless. Insane to run autonomous agents on top of it.

Prompt injection is more serious in this regard, because there is no known solid protection. All the other problems are failure in process, prompt injection is failure at the first thought.