They tried but only with a subagent that was not entertained with their attempts. Newer LLMs usually come out of the box with pre-prompts to avoid prompt injection so they don't get pwn'd while browsing the internet for example and reading some text hidden off page.