Symlinks Are Still Scary (And Yes, You Can Commit Them to Git)
A harmless-looking symlink in a Git repo can redirect a tool into reading or writing anywhere on your machine. That old trick is now showing up in AI coding assistants, with nasty results.
Read the full articleYou might also wanna read
Managing your secrets in Git 🗝
We have always been told not to store secrets in Git. But what if I told you that we manage all our secrets in Git?
Vulnerability in Git: Remote Code Execution Risk with git clone --recursive
tl;dr: On Unix-like platforms, if you use git clone --recursive on an untrusted repo, it could achieve remote code execution. Update to a fi
CVE-2026-39246: n/a
A vulnerability in decompress versions before 4.2.2 allows arbitrary symbolic link creation during archive extraction. The vulnerability ari
Ask HN: How do you get over the fear of sharing code?
I'm a junior. Truth be told, I don't really care if professionals/adults see my code or pick it apart/mock it/fork it or whatever. All my re
Critique of YAML Anchors in GitHub Actions: Redundancy and Complexity Concerns
Sep 22, 2025 Tags: programming, rant
GhostApproval Vulnerability Exploits Symlinks to Bypass AI Coding Agent Workspace Restrictions
GhostApproval lets attackers use symlinks to trick AI coding agents into writing outside a workspace and potentially gaining remote code exe

Comments
Sign in to join the conversation.
No comments yet. Be the first.