DataBoundary puts delimiter defense at 100%

Useful signal, not a universal fix: delimiter framing is a strong, low-cost defense for single-turn document ingestion, but the repo also shows the gains depend on model and prompt wording.

• –Gemma 4 E4B moved from 21.6% defense without delimiters to 100% with delimiters, and the strict prompt closed the last gaps on the weaker models.
• –The terse "strict" template beat a more explanatory "contextual" version, which suggests boundary clarity matters more than persuasion.
• –The hardest attacks were delimiter mimicry and gradual drift, so this is still defense in depth, not a solved problem.
• –The benchmark is most relevant for RAG and web-document workflows where the model reads untrusted text directly.
• –The dataset and harness are open, which makes the result more useful than a one-off demo because others can reproduce and extend it.