It kind of is more useful to abstract them, so we're not whack-a-moling the current hype or hot title of the day and can focus on the fundamental issues.
I agree, it catches people off guard to think CSV files once interpreted can do more than give columns of information, but it's not an injection which is my beef.
You have to do both. When something unusual comes up it is good to file it away as a possibility. To be fair these have ways been "obvious" on pentests. When you start from the point of all input is dangerous, how can I abuse this one, it becomes the logical conclusion to put in an Excel formula. That is your point, I think. But my experience has told me some inputs are just assumed safe, even by developers that program defensively. So you have to embrace both IMO.
