Only who could've imagined that security LLMs are vulnerable to prompt injection...