This just in, a month ago: an advisory from Embrace The Red shows a method that uses invisible ASCII prompt injection to read the .env environment file (a file that normally contains secrets like API keys), and because of link_unfurling (now deprecated).
The demo shows how a hit to a private server is recorded in the nginx server logs, which show the secret code TrustNoAI!.
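
A defender-side check for the invisible text described above, as an added example (not code from the advisory). It assumes the hidden instructions are carried in Unicode Tags block characters (U+E0020 to U+E007E, which mirror printable ASCII), a detail this page does not state; `scan_hidden_text` and `SAMPLE` are hypothetical names and the sample string is constructed.

```python
import unicodedata

TAG_BASE = 0xE0000                  # start of the Unicode Tags block
TAG_LO, TAG_HI = 0xE0020, 0xE007E   # tag code points mirroring printable ASCII

# Constructed sample: visible text, a hidden tag run spelling "hi!",
# then a zero-width space. Nothing here comes from the advisory.
SAMPLE = (
    "Please summarize this file."
    "\U000E0068\U000E0069\U000E0021"
    "\u200b Thanks"
)


def scan_hidden_text(text):
    """Split text into what a reader sees and what only a model sees.

    Returns (visible_text, hidden_runs, other_invisible):
      hidden_runs     - [(offset, decoded_ascii)] per run of tag characters
      other_invisible - [(offset, 'U+XXXX')] for remaining format (Cf) chars
    """
    visible, runs, others = [], [], []
    run_start, run_chars = None, []
    for i, ch in enumerate(text):
        cp = ord(ch)
        if TAG_LO <= cp <= TAG_HI:
            if run_start is None:
                run_start = i
            run_chars.append(chr(cp - TAG_BASE))  # map back to ASCII
            continue
        if run_start is not None:                 # a tag run just ended
            runs.append((run_start, "".join(run_chars)))
            run_start, run_chars = None, []
        if unicodedata.category(ch) == "Cf":
            # Reported and dropped. A production filter may need to allow
            # some Cf characters, e.g. ZWJ inside emoji sequences.
            others.append((i, f"U+{cp:04X}"))
            continue
        visible.append(ch)
    if run_start is not None:                     # run reached end of input
        runs.append((run_start, "".join(run_chars)))
    return "".join(visible), runs, others


if __name__ == "__main__":
    shown, hidden, other = scan_hidden_text(SAMPLE)
    print("visible:", repr(shown))
    print("hidden runs:", hidden)
    print("other invisible:", other)
```

Run it over untrusted text (file contents, web pages, tool output) before that text reaches the model, and log or reject any input with a non-empty `hidden_runs`.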