by danShumway 958 days ago
This gets suggested in every single conversation about LLMs, but I've never seen a working demo of chained-LLM safety measures that has managed to stand up to public access.

I feel fairly confident at this point that chained LLMs aren't a solution to prompt injection.

And with the number of open and free models available, we're at a point now where people claiming that there's an easy fix for prompt injection need to prove it. If it's this easy to fix, then build a working demo that can't be beaten by public attackers.