All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Security
Security
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Mozilla researchers demonstrate indirect prompt injection attack on AI coding agents via GitHub repositories

By

Zeljka Zorz

3h ago· 2 min readenNews
technologycybersecurityprogrammingai safety

Summary

Mozilla's Zero Day Investigative Network (0DIN) has disclosed a proof-of-concept attack that uses indirect prompt injection to compromise AI-powered coding agents like Claude Code. The attack works by embedding malicious instructions in a GitHub repository's README file, which the AI agent reads and executes — fetching and running a reverse shell payload from an external server. The repository itself contains no malicious code, making detection difficult. The attack exploits the trust AI coding agents place in repository content, bypassing traditional security measures.

Source

bskyMozilla researchers demonstrate indirect prompt injection attack on AI coding agents via GitHub repositorieshelpnetsecurity.com

Key quotes

· 3 pulled
A malicious GitHub repository can silently compromise a developer's machine without containing a single line of malicious code, security researchers at Mozilla's Zero Day Investigative Network (0DIN) warned.
The proof-of-concept attack targets AI-powered coding agents such as Claude Code, and uses indirect prompt injection to manipulate an AI agent into taking harmful actions the developer never explicitly authorized.
The executed malicious payload – a reverse shell in this case – is not in the repository. It's fetched and executed only at
Snippet from the RSS feed
The PoC attack targets AI-powered coding agents and uses indirect prompt injection to manipulate them into taking harmful actions.

You might also wanna read

AI Coding Agent Security: Prompt Injection Attacks and Vulnerabilities

The article discusses critical security vulnerabilities in AI coding agents, specifically focusing on prompt injection attacks. It details r

openguard.sh·3mo ago

Security Researchers Discover Indirect Prompt Injection Vulnerability in Perplexity Comet AI Browser

Brave security researchers discovered a critical vulnerability called "indirect prompt injection" in Perplexity Comet, an AI-powered browser

brave.com·10mo ago

OpenCode AI Coding Agent Hit with Critical Remote Code Execution Vulnerability

OpenCode, a popular open-source AI coding agent, was recently hit with a critical CVE (Common Vulnerabilities and Exposures) that allowed fo

johncodes.com·5mo ago

GitHub Issue Prompt Injection Leads to 4,000 Developer Machines Compromised via Malicious npm Package

A sophisticated supply chain attack compromised approximately 4,000 developer machines through a GitHub issue title prompt injection. The at

grith.ai·3mo ago

GitHub Browser Extension for Detecting AI-Generated Code Contributions in Pull Requests

The article discusses a GitHub browser plugin extension that helps identify AI-generated contributions in pull requests. It addresses the gr

blog.rbby.dev·4mo ago

Hacker Exploits AI Coding Agent Vulnerability to Install OpenClaw Malware

A hacker exploited a vulnerability in Cline, an open-source AI coding agent, to trick it into installing OpenClaw (a viral AI agent) on comp

The Verge·4mo ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.