This isn’t a normal software bug, it’s not fixable in the same way you can’t fix regular support staff from being tricked.
The answer is you should not allow LLMs access to untrusted input and sensitive data at the same time.
Your second paragraph directly contradicts the first.
Your second paragraph directly contradicts the first.