by kabes 979 days ago
How about this scenario:

You have a system that allows users to upload images.

You want to save a description of the images to enhance your image search feature.

You ask GPT-4 to describe the image.

The image is like the one from the post, except it doesn't tell it to say hello, but to say: "; DROP TABLE users;"

Because the answer comes from an API, you didn't bother to escape it when inserting it into the database.

Of course this is still an SQL injection by a sloppy developer, but made possible by prompt injection. Many attacks are a combination of little things that are seemingly harmless on their own.
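The scenario in the comment above, as an added example that is not part of the thread: the image-description text coming back from the model is concatenated into SQL as if it were trusted API output (run via executescript so the injected statements actually execute), beside the parameterized insert that stores the same text as plain data. The table layout and the model output string are constructed for the demo.

```python
import sqlite3

# Constructed sample of what the image-description model might return when the
# uploaded image itself carries an injected instruction. The tail "SELECT ('x"
# only keeps the injected statement list syntactically complete.
MODEL_OUTPUT = "A cat on a sofa'); DROP TABLE users; SELECT ('x"


def fresh_db():
    """Constructed schema: an unrelated users table plus the image index."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO users (name) VALUES ('alice');
        CREATE TABLE images (id INTEGER PRIMARY KEY, path TEXT, description TEXT);
    """)
    return conn


def store_description_unsafe(conn, path, description):
    # The "it came from an API, so it's fine" path: string concatenation.
    # executescript runs every statement in the string, so whatever the model
    # wrote after the closing quote is executed as SQL.
    sql = f"INSERT INTO images (path, description) VALUES ('{path}', '{description}');"
    conn.executescript(sql)


def store_description_safe(conn, path, description):
    # Model output is untrusted input like any other: bind it as a parameter,
    # so the driver stores it as a string and never parses it as SQL.
    conn.execute("INSERT INTO images (path, description) VALUES (?, ?)",
                 (path, description))
    conn.commit()


def table_exists(conn, name):
    row = conn.execute("SELECT 1 FROM sqlite_master WHERE type='table' AND name=?",
                       (name,)).fetchone()
    return row is not None


def run_scenario(safe):
    """Returns (users table still exists?, stored description)."""
    conn = fresh_db()
    store = store_description_safe if safe else store_description_unsafe
    store(conn, "uploads/cat.jpg", MODEL_OUTPUT)
    stored = conn.execute("SELECT description FROM images").fetchone()[0]
    return table_exists(conn, "users"), stored
```

In the unsafe path the users table is gone and only the text before the quote survives as the description; in the safe path the table is intact and the full model output is stored verbatim, which is also what a review of the images table would reveal.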