Attackers can embed malicious instructions in hidden HTML elements and other non-rendered markup that remains invisible to users but is fully accessible to the AI assistant.
