Prompt injection is an attack where malicious text in the input tricks the model into ignoring its instructions.
Because models follow natural-language instructions, untrusted content from web pages, files, or tool output can carry hidden directives. Defenses include separating trusted from untrusted input, constraining tool permissions, and validating outputs. Prompt injection is a core concern when deploying agents with real-world access.
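The three defenses named above, combined in one gate, as an added Python example that is not from the original page. The tool names, the `Session` class and `check_tool_call` are hypothetical, and the sample session is constructed.

```python
from dataclasses import dataclass, field

# Hypothetical tool registry: name -> (has side effects, allowed argument names)
TOOLS = {
    "search_docs": (False, {"query"}),
    "read_file": (False, {"path"}),
    "send_email": (True, {"to", "body"}),
}

@dataclass
class Session:
    # Each entry is (source, text, trusted); untrusted text stays separate data.
    messages: list = field(default_factory=list)

    def add_trusted(self, source, text):
        self.messages.append((source, text, True))

    def add_untrusted(self, source, text):
        # Never concatenated into the system or user instructions.
        self.messages.append((source, text, False))

    @property
    def tainted(self):
        return any(not trusted for _, _, trusted in self.messages)

def check_tool_call(session, call):
    """Validate a model-proposed tool call; return (allowed, reason)."""
    name, args = call.get("tool"), call.get("args")
    if not isinstance(name, str) or name not in TOOLS:
        return False, "unknown tool"
    side_effects, allowed_args = TOOLS[name]
    if not isinstance(args, dict) or set(args) - allowed_args:
        return False, "unexpected arguments"
    if side_effects and session.tainted:
        # Least privilege: side-effecting tools need separate approval here.
        return False, "blocked: untrusted content in context"
    return True, "ok"

def demo():
    # Constructed sample session and model outputs, for illustration only.
    s = Session()
    s.add_trusted("system", "You are a helpdesk assistant.")
    s.add_trusted("user", "Summarise the linked page.")
    s.add_untrusted("web", "<constructed page text fetched from the web>")
    email = {"tool": "send_email", "args": {"to": "a@example.com", "body": "hi"}}
    search = {"tool": "search_docs", "args": {"query": "vpn setup"}}
    return check_tool_call(s, email), check_tool_call(s, search)

if __name__ == "__main__":
    print(demo())
```

The gate decides on provenance and on the shape of the proposed call, not on whether the untrusted text looks malicious, so it does not depend on recognising any particular injection wording.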