Indirect injection happens when the attacker finds a side channel to inject their malicious prompt. Prompts can be hidden in files, or encoded in non-standard ways that aren't easily detectable by security measures.