How to weaponize LLMs to auto-hijack websites