[tanbablack]

Really like the content negotiation approach. Serving clean markdown via Accept headers has a nice security side benefit too. agents that receive structured markdown don't need to parse raw HTML, which is exactly where indirect prompt injection payloads hide.

Unit42's March 2026 research found 22+ techniques used in the wild to embed hidden instructions in HTML — zero-font CSS, invisible divs, dynamic JS injection. If more sites adopted this pattern and agents preferred the markdown path, a whole class of web-based IDPI attacks would be bypassed by design.