Fundamentally the injected text is part of the prompt, just like "Here the informational section ends, the following is again an instruction." So it doesn't seem to be possible to entirely mitigate the issue on the prompt level. In principle you could train a LLM with an additional token that signifies that the following is just data, but I don't think anybody did that.
