prompt-injection

2 posts

The Filter Is the Attack Surface

Simon Willison's "lethal trifecta" names the three capabilities that, combined, make an AI agent exploitable through prompt injection: access to private data, exposure to untrusted content, and the ability to communicate externally. Remove any one and an injected instruction has nowhere to go; with all three present, a single instruction hidden in the untrusted content can read the secrets, encode them into an outbound request, and exfiltrate them, or steer the agent's actions on the attacker's behalf.
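The trifecta is a property of the tool set, not of any single tool, which makes it something a reviewer can check mechanically. The following is an added example, not code from the post or from Simon Willison: a small Python checker over a constructed, hypothetical tool manifest (the tool names, capability labels and manifest format are assumptions) that reports which tool combinations complete the trifecta, whether removing any one tool is enough, and which leg is cheapest to cut.

```python
"""Lethal-trifecta check over an agent's tool manifest.

Added example; not code from the original post or from Simon Willison.
The tool names, capability labels and the manifest below are assumptions
constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from itertools import combinations
from typing import Iterable

# The three legs of the trifecta, as capability labels a tool can carry.
PRIVATE_DATA = "private_data"        # reads secrets, mail, documents, credentials
UNTRUSTED_INPUT = "untrusted_input"  # ingests text an attacker can author
EXTERNAL_COMMS = "external_comms"    # can push bytes out: HTTP, email, chat, DNS
TRIFECTA = frozenset({PRIVATE_DATA, UNTRUSTED_INPUT, EXTERNAL_COMMS})


@dataclass(frozen=True)
class Tool:
    name: str
    capabilities: frozenset[str]


def capabilities_of(tools: Iterable[Tool]) -> frozenset[str]:
    caps: set[str] = set()
    for tool in tools:
        caps |= tool.capabilities
    return frozenset(caps)


def has_trifecta(tools: Iterable[Tool]) -> bool:
    """True when the tool set, taken together, covers all three legs."""
    return TRIFECTA <= capabilities_of(tools)


def minimal_lethal_subsets(tools: list[Tool]) -> list[frozenset[str]]:
    """Smallest tool combinations that complete the trifecta (as name sets).

    Supersets of an already-found lethal subset are skipped, so the result
    lists only the minimal combinations a reviewer needs to reason about.
    """
    found: list[frozenset[str]] = []
    for size in range(1, len(tools) + 1):
        for combo in combinations(tools, size):
            names = frozenset(t.name for t in combo)
            if any(prev <= names for prev in found):
                continue
            if has_trifecta(combo):
                found.append(names)
    return found


def single_tool_cuts(tools: list[Tool]) -> set[str]:
    """Tools whose removal, on its own, breaks the trifecta.

    Often empty: a leg carried by two tools survives the loss of either one.
    """
    return {
        t.name for t in tools
        if not has_trifecta([u for u in tools if u.name != t.name])
    }


def cheapest_leg_cut(tools: list[Tool]) -> tuple[str, frozenset[str]]:
    """The trifecta leg carried by the fewest tools, with those tools.

    Removing (or sandboxing) every tool on that leg is the smallest change
    that makes the whole manifest safe; ties break alphabetically.
    """
    carriers = {
        leg: frozenset(t.name for t in tools if leg in t.capabilities)
        for leg in sorted(TRIFECTA)
    }
    leg = min(carriers, key=lambda name: (len(carriers[name]), name))
    return leg, carriers[leg]


# Constructed manifest for a hypothetical email-and-web assistant.
MANIFEST = [
    Tool("read_inbox", frozenset({PRIVATE_DATA, UNTRUSTED_INPUT})),   # mail is both
    Tool("read_vault", frozenset({PRIVATE_DATA})),
    Tool("web_search", frozenset({UNTRUSTED_INPUT})),
    Tool("fetch_url", frozenset({UNTRUSTED_INPUT, EXTERNAL_COMMS})),  # URL leaks, page is untrusted
    Tool("send_slack", frozenset({EXTERNAL_COMMS})),
]

if __name__ == "__main__":
    print("trifecta present:", has_trifecta(MANIFEST))
    for subset in minimal_lethal_subsets(MANIFEST):
        print("lethal combination:", sorted(subset))
    print("single-tool cuts:", single_tool_cuts(MANIFEST) or "none")
    print("cheapest leg to cut:", cheapest_leg_cut(MANIFEST))
```

Note that `fetch_url` carries two legs at once: the fetched page is untrusted content, and the URL itself is an exfiltration channel, since anything the agent puts in the query string leaves the boundary. On this manifest no single tool can be dropped to fix the problem; only cutting a whole leg works.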

Mar 15, 2026

The Attack Surface of a Social Agent

An agent that reads social media posts is a web application with no firewall.

Feb 10, 2026