> (...) and the only communication channel would be towards me (enforced with things like API key permissions).
> This should prevent any kind of leaks due to prompt injection, right?
It might be harder than you think. Any conditional fetch of a URL or DNS query could reveal some information.
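
As an added illustration that is not part of the original comments: a defender-side audit of an agent's egress log that flags every URL fetch or DNS lookup aimed at a host other than the one permitted channel, including lookups whose follow-up HTTP request was blocked. The log format, the host names and the `audit_egress` helper are assumptions made up for this sketch.

```python
from urllib.parse import urlsplit

# Assumption: the single permitted destination (the operator's own endpoint).
ALLOWED_HOSTS = {"operator.example"}

# Constructed egress log: (event kind, target, outcome at the proxy/resolver).
SAMPLE_EVENTS = [
    ("http", "https://operator.example/reply", "allowed"),
    ("dns", "operator.example", "resolved"),
    ("http", "https://cdn.thirdparty.example/pixel.png", "blocked"),
    ("dns", "cdn.thirdparty.example", "resolved"),
    ("dns", "Operator.Example.", "resolved"),
]


def host_of(kind, target):
    """Normalise the destination host of an event for comparison."""
    host = urlsplit(target).hostname if kind == "http" else target
    return (host or "").rstrip(".").lower()


def audit_egress(events, allowed=ALLOWED_HOSTS):
    """Return events that reached, or tried to reach, a non-allowlisted host.

    A blocked HTTP fetch is still reported, because the attempt shows the
    agent acted on something. A DNS lookup that resolved is marked as having
    left the network: a recursive resolver may have forwarded it to an
    outside name server even though no HTTP connection was ever made.
    """
    findings = []
    for kind, target, outcome in events:
        host = host_of(kind, target)
        if host in allowed:
            continue
        left_network = outcome == "allowed" or (
            kind == "dns" and outcome == "resolved"
        )
        findings.append(
            {"kind": kind, "host": host, "left_network": left_network}
        )
    return findings


if __name__ == "__main__":
    for finding in audit_egress(SAMPLE_EVENTS):
        print(finding)
```
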