I Got Burned by Prompt Injection in Production. Here Are 2 Tiny npm Libs That Stopped It.
A user pasted a help article into our agent. Three minutes later the agent silently rewrote a customer email, leaked an internal URL, and tried to fetch a .zip from a domain none of us had ever seen.
mukundakatta.hashnode.dev · 3 min read