Prompt injection is an attack where adversary-controlled text reaches a language model and successfully overrides the developer's intended instructions. The model, by design, treats all text in its context window as instructions it might follow. There is no syntactic separation between "system intent" and "user data" — only convention.
The result: a user (or a piece of content the agent fetches) can convince the model to ignore its rules, leak system prompts, exfiltrate data, or call tools it should not.