> That sounds a bit like "nobody would ever fall for a phishing email." I don't think we should overestimate the technical sophistication and unceasing vigilance of the average YouTube user.
By this standard, we shouldn't allow comments on YouTube. Or perhaps anywhere.
That's equating regular social engineering versus LLM prompt injection and clicking a sneaky URL, I don't think those are equivalent scenarios or risks.