(no title)

I only had time to skim this, but it doesn't seem like prompt injection to me, just good old fashioned malware in a node package.

Your other two examples do seem to open the door for prompt injection, I was just asking about documented cases of it succeeding.