Research
How Agentic AI Coding Assistants Become the Attacker's Shell: Hidden Instructions in External Artifacts Hijack Agent Tools
Systematic analysis demonstrates how prompt injection attacks through unvetted external artifacts (repos, docs, packages) can hijack agentic coding assistants — turning them into unauthorized command execution shells. Measures prevalence across Claude Code, Cursor, and Copilot, and finds current defenses insufficient. Discusses limitations of existing mitigations and proposes defense directions.
Source
↳ Follow the thread