Prompt Injection Is an Operational Risk, Not a Prompting Problem Why "tell the model to ignore manipulation" is
