Your LLM-based systems are at risk of being attacked to access business data, gain personal advantage, or exploit tools to the same ends. Everything you put in the system prompt is public data.