Yeah, I remember some ad by an LLM security company hitting HN a year or so with a "challenge" to do prompt injection.

The final level was their product and it was impossible. But it was also impossible to get the LLm to do _anything_.

May as well just echo "prompt injection attempt detected" at that point and never send anything to an LLM.