If that was easy to do then the entire class of prompt injection bugs wouldn't exist. It's actually very difficult. LLMs make no distinction between data and instructions, fundamentally.