Grok 3 is highly vulnerable to indirect prompt injectionsimonwillison.net98 pointsisaacfronda year ago