Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
Maintainers: Zachary Taylor, zachary.taylor@mavt.ethz.ch and Helen Oleynikova, helen.oleynikova@mavt.ethz.ch. Helen Oleynikova, Michael Burri, Zachary Taylor, Juan ...
An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...