[neximo64]

It's not longer this way. The 'text processing pipe' takes in two inputs. One is the instruction, the other is the text to apply the instruction on. If the injection is the text it doesn't affect the instruction. The model you're describing is the previous version.

[anonzzzies]

Did you try this though, because so far it doesn’t seem to give the ‘system’ prompt preference over the ‘user’ prompt; the user can override the system prompt with some trivial prompting.

[kfarr]

Reminds me of the old days of concatenating strings (including unsafe user input) in php to generate queries.