zdnet[.]com/article/how-indirect-prompt-injection-attacks-on-ai-work-and-6-ways-to-shut-them-down/
unit42.paloaltonetworks[.]com/ai-agent-prompt-injection/
forcepoint[.]com/blog/x-labs/indirect-prompt-injection-payloads
When ChatGPT first arrived, you saw all sorts of stories online about people having fun jailbreaking the LLM, figuring out prompts that made it forget about its rules and misbehave. Artificial Intelligence was and is solely a marketing term after all, and it's still dumb enough to get easily fooled. One way to fool it is to insert hidden instructions in a link so the AI will behave maliciously. Another, IMHO more dangerous, way to feed AI malicious instructions is to hide them on a web page. Then when an LLM parses that page, digesting whatever info it contains, it can read those instructions and follow them. So, when you ask a chatbot something, if it scours the web for answers and happens to come across a web page containing malicious instructions, you could possibly be toast.
At the very least, when you do a Google search, and their AI response is up top, do not click any of its reference links -- try to find whatever site in another browser window on your own.