Indirect Injection

An AI reads emails and finds hidden instructions planted by an attacker. The injection came through data the AI was processing, not from the user. Where did the injection come from? Flag format: CONGRESS{source:[where],not:[where]} Example: CONGRESS{source:api,not:database}