The connection is end-to-end encrypted between your client and the hidden service. If relays could inject messages into your hidden service connections, then Tor would be compromised. That's a message from SR.