Abscondita's token-injection demo fools code-review LLMs

Clever demo, real warning. This is basically prompt injection with the gloves off, and it highlights how fragile LLM systems become when control tokens and user data share the same channel.

• –The failure mode rhymes with SQL injection and XSS: if you don’t sanitize structural markers, the model can be tricked into treating attacker text as trusted conversation state.
• –Code-review bots and agentic workflows are the sharpest edge here, because a forged assistant turn can suppress warnings or bless unsafe code.
• –Teams running self-hosted stacks like vLLM, TGI, or Ollama should test special-token sanitization explicitly, not assume the prompt template is enough.
• –The playground is useful because it turns an abstract alignment/security issue into something engineers can reproduce and feel immediately.