Exfiltration via rendered content TL;DR: Image URL, markdown link, or fetch tool used as a side-channel out of the assistant. Stub — to be filled in. What it is TODO Preconditions / where it applies TODO Technique TODO Detection and defence TODO References https://embracethered.com/blog/posts/2024/llm-apps-automatic-tool-invocations-and-data-exfiltration/