There's a crucial difference between prompt injection and other injection attacks such as SQL injection or XSS or shell injection.
For all of those other injection attacks we know what the mitigations are: parameterized queries for SQL injection. Context-aware HTML escaping for XSS. Shell special character escaping for shell commands.
Prompt injection does not have a reliable mitigation yet. It's currently an injection attack without a fix.
Well its been a long time for lots of these. The original xss security advisory had the non-sensical advice that "Web Users Should Not Engage in Promiscuous Browsing". [1]
But anyways, that's kind of my point. When people try and fix xss by just blacklisting some tags they think are bad instead of proper escaping, it never works. Which is basically where we are at with mitigations for prompt injection, so similiarly it probably wont work here.
For all of those other injection attacks we know what the mitigations are: parameterized queries for SQL injection. Context-aware HTML escaping for XSS. Shell special character escaping for shell commands.
Prompt injection does not have a reliable mitigation yet. It's currently an injection attack without a fix.