Indirect prompt injection (IPI) is confirmed in real-world exploitation across LLM-powered AI agents regardless of platform vendor. Attackers embed adversarial instructions in content that agents retrieve and execute as trusted directives, with confirmed objectives including financial fraud, credential theft, and data exfiltration. No CVE exists, no single vendor patch resolves the exposure, and the attack surface is defined entirely by agent capability and the content sources agents are permitted to access.