Prompt Injection via Markdown
Hard200 pts0 solves
An attacker crafts a message that tricks an LLM into rendering:
When the markdown is rendered, the browser makes a GET request with the stolen data.
What is this technique called?
Flag format: CONGRESS{technique_in_snake_case}
Hint
The image URL acts as a data exfiltration channel through markdown rendering.