Yes. You can't guarantee that the assistant won't ever consider the text of an incoming email as a user instruction, and there is a lot of incentive to find ways to confuse an assistant in that specific way.
BTW, I find it weird that the Von Neumann vs. Harvard architecture debate (ie. whether executable instructions and data should even exist in the same computer memory) is now resurfacing in this form, but even weirder that so many people don't even see the problem (just like so many couldn't see the problem with MS Word macros being Turing-complete).
BTW, I find it weird that the Von Neumann vs. Harvard architecture debate (ie. whether executable instructions and data should even exist in the same computer memory) is now resurfacing in this form, but even weirder that so many people don't even see the problem (just like so many couldn't see the problem with MS Word macros being Turing-complete).