The problem is natural language as a medium. It is too ambiguous and has way too many variants to say literally anything imaginable that there is no way of protecting against prompt injection without some kind of NLP filter or something. I don't really see how someone can develop a kind of protection against this given these problems.