@jukkan Any manipulation through the prompt is out of scope in their bug bounty program, even if you get to the shell running the LLM (VM), so I guess that's the reason it became a social media post rather than hidden bug report.