I don't follow. If using a third party LLM, there is a risk of prompt injection and unless there are advances I haven't heard of, it's not something they can fix?
1. I agree with your point that Prompt Injection can still affect the consumer of a third party LLM
2. I prefer to categorize it as a supply chain security issue, since the vulnerability is with a software provider that you are consuming.