This detection rule identifies potential prompt injection attacks that include references to major AI tools such as Gemini, Copilot, ChatGPT, or Claude within non-standard HTML elements in email messages. The rule specifically filters messages by checking the HTML content in the body, particularly focusing on any elements termed 'admin'. If such elements are found with a display text that matches any of the defined AI tool names, this is flagged as suspicious. Additionally, the rule incorporates checks against a list of trusted sender domains, allowing for a nuanced detection mechanism that considers both the integrity of the sender (via DMARC) and the content of the message. The severity of this rule is classified as high due to the increasing risks associated with prompt injection attacks.