A prompt-injection technique where malicious instructions are embedded in data the system retrieves or processes (e.g., web pages, emails, tickets, documents) rather than in the user’s direct prompt. This is a common risk in RAG and tool-enabled agent systems.
See: Connector; Prompt injection; Tool calling (function calling)