But you're asking it to 'read' the data and return some output based on the content of the data, you inherently want the content of the data to influence the output.
So whoever controls the data can influence the output.
You want it to respond to salient features in the data, but not to instructions in the data. But you also want it to follow your instructions. It's the same LLM.
Is there no way to tell an LLM that a given block of text should be considered data and not instructions?
But you're asking it to 'read' the data and return some output based on the content of the data, you inherently want the content of the data to influence the output.
So whoever controls the data can influence the output.
You want it to respond to salient features in the data, but not to instructions in the data. But you also want it to follow your instructions. It's the same LLM.
Not with 100% reliability. If there was then prompt injection wouldn't be a problem.