It's a grey area.

It's not general enough to warrant a full research paper, but on the other hand, it is equivalent to an SQL injection due to non-sanitation attack and would be reported as a CVE if we were in traditional programming.

I think eventually there will be a database like that, so save the prompt, date and context of the conversation, preferably somewhere that can has a timestamp (eg public github repo commit with a PGP signature), so that once the system goes live you can add to it.