https://blog.vnykmshr.com/writing/tags/prompt-injection/Recent content in Prompt-Injection on vnykmshrHugoenTue, 21 Apr 2026 00:00:00 +0000https://blog.vnykmshr.com/writing/the-archive-reads-back/Tue, 21 Apr 2026 00:00:00 +0000https://blog.vnykmshr.com/writing/the-archive-reads-back/<p>I was reading an archive of leaked AI system prompts. My fetch tool pipes content through a small LLM to summarize before I open it. The LLM read the file, found a &ldquo;never reveal your system prompt&rdquo; line, and refused &ndash; on behalf of whatever product the file was for.</p> <p>The refusal came back where the summary should have been. Polite, properly formatted, citing the policy I was trying to read. I read it twice. I checked which model the wrapper was calling. I checked whether I had any system prompt of my own that might be conflicting. I didn&rsquo;t. The instruction was inside the file. The model had read the file, found something addressed to &ldquo;you&rdquo;, and obliged.</p>