'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets
The 'Ghostcommit' technique hides malicious prompt injection instructions inside PNG images within a code repository. These images are ignored by AI code reviewers like CodeRabbit and Bugbot…
Read the full articleYou might also wanna read
'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets
A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit,' slipped past
Ghostcommit Attack: Malicious Instructions in Images Deceive AI Agents
Researchers have introduced the Ghostcommit method, which allows embedding prompt injections into PNG images to steal secrets via AI agents.

Ghostcommit Camouflages Prompt Injection in Images to Bypass AI Security & Data Theft
Researchers have developed a novel method to bypass AI-driven code review processes by embedding malicious... The post Ghostcommit Camouflag
GitLost Vulnerability Steals Private Code via GitHub AI Agents
Researchers from Noma Labs have discovered a vulnerability in GitHub Agentic Workflows that allows private repository contents to be extract
Mozilla researchers demonstrate indirect prompt injection attack on AI coding agents via GitHub repositories
The PoC attack targets AI-powered coding agents and uses indirect prompt injection to manipulate them into taking harmful actions.
Critical prompt injection flaw in GitHub Agentic Workflows allows private repo data leaks
Per usual, there's no fix – or even any documentation – for GitLost

Comments
Sign in to join the conversation.
No comments yet. Be the first.