Everything that is in the context window can be potentially revealed with prompt engineering.
(In this case, there's no prompt injection to speak of because letting the user input an arbitrary request is part of the UI. I think it's more accurate to call it "injection" only when that's not anticipated, like when Bing picks up instructions from the webpage you tell it to summarize.)