PoisonedRAG

How exactly is this an attack?

Open · GabHoo opened this issue 4 months ago · 1 comment

First off, thank you for your work on such a relevant topic. I was wondering, though, how exactly is this an attack? I understand that the knowledge base was corrupted, but if that is the context that was given in the prompt, the LLM will use it as expected. I do not see any anomalous behavior in it. As we should rely on an LLM for facts (that is why we need techniques like RAG), does this work only show the correct functioning of a RAG system?

Or maybe I am missing some relevant logic steps?

GabHoo avatar Oct 04 '24 11:10 GabHoo