DispatchCVE-2026-29783 GitHub Copilot CLI Shell Expansion RCEPromptArmor·high signalCopilot CLI arbitrary code execution via bash parameter expansion. Safety check classifies as read-only but shell expansion executes hidden commands including reverse shells. CVSS High. Patched in 0.0.423.SourceSource pagePromptArmor↳ Follow the threadPolicy dependency / Stack layerKastra Launches Policy Enforcement for Claude Code, Cursor, and CodexHacker NewsStack layer / Threat patternNSA issues official MCP hardening guidance after Amazon Q auto-execution CVEs (CVSS 8.5) enable AWS credential theftWizStack layer / ContrastOpenAI launches ChatGPT Work, an agentic workspace on GPT-5.6, with Sol/Luna/Terra model tiersInfoWorldPolicy dependency / Stack layerPattern: Named Model Tiers Are Becoming the Primary Product Surface, Not the ModelOpenAIStack layer / Update threadClaude Code v2.1.203 and v2.1.204 Add Login-Expiry Warnings and Fix Headless Hook StreamingClaude Code DocsPolicy dependency / Stack layerStrict data-flow tracking is the only defense that zeroes out ADI — spend its utility cost only on code execution and moneyarXiv 2607.05120Policy dependency / Stack layerponytail: A 'Laziest Senior Dev' Skill That Cuts Agent-Written Code by ~54% Is the Fastest-Rising Repo on GitHubGitHubStack layer / Threat patternClaude Cowork Sandbox-Escape Chain Reportedly Escalates Local Code Execution to RootCyberdesserts