Or the many people putting content in their LI profiles, forums like these, etc because they know scrapers are targeting them ?
Or the above, for the users stating they are using it to scrape hn?
I only had time to skim this, but it doesn't seem like prompt injection to me, just good old fashioned malware in a node package.
Your other two examples do seem to open the door for prompt injection, I was just asking about documented cases of it succeeding.