I made Poke.com email me its system prompt lol (github.com)

A developer-researcher attempted to get Poke.com to email its own system prompt but ran into platform-side defenses instead of a successful leak. The transcript shown is a series of GitHub "suggestion" and pull-request error messages — e.g., "Suggestions cannot be applied while the pull request is closed," "Applying suggestions on deleted lines is not supported," and "Only one suggestion per line can be applied in a batch" — which indicate the attack vector relied on abusing the PR suggestion workflow to inject or modify code/comments, but was blocked by multiple procedural constraints. This episode is a useful reminder for the AI/ML community about two things: (1) system prompts and other sensitive model-context data are attractive targets for exfiltration, and (2) platform-level guardrails (strict PR workflows, suggestion validation, queued-merge protection, and restrictions on applying suggestions to deleted or multi-line contexts) can blunt simple injection attempts. The technical takeaway is that protecting model secrets requires layered defenses — minimize exposure of system prompts to client-facing surfaces, enforce server-side validation of code/comments, and harden collaboration workflows (closed/queued PRs, single-suggestion rules, and review gating) to reduce attack surface without sharing exploit details.