Indirect prompt injection in GitLab Duo exposed private source code and inserted malicious HTML into AI responses, risking credential theft and data l