Prompt Injection Still Becomes a Security Bug at the Tool Boundary
A deterministic evaluation harness that measures prompt injection as an exploitation problem. 9 scenarios across RAG, browser, and internal tool runner patterns — all 9 reproduce a successful exploit path.