Partially, you could still deploy the AI in an isolated envirnoment. If there's nothing to access, there's no prompt injection.
But who will have thought about something not being a SaaS but rather on-premises...
If you feed data to a LLM then there will always be a prompt injection. What you described is limiting the damage that the prompt injection can do, but also its usefulness.
> Partially, you could still deploy the AI in an isolated envirnoment. If there's nothing to access, there's no prompt injection.
If there's nothing to access, there's only limited value in using an LLM in the first place.
If your LLM is prevented from accessing anything other than the prompt, the only use is interactive use by the user; no automatic work done on any workflow items.