Reddit
'Ghost Commit' Disclosure: PNG-Hidden Prompt Injection Makes Cursor and Anti-Gravity Exfiltrate .env Secrets
University of Missouri-Kansas City researchers disclosed 'Ghost Commit' on July 12 — a multimodal prompt-injection payload hidden inside a PNG that is referenced from a repo's README. When Cursor or Google's Anti-Gravity code agent ingests the repo, the hidden instructions cause it to exfiltrate local .env credentials. It extends 2026's pattern of coding agents being turned into credential-theft vectors via untrusted repo content. (Reached via a dated security-incident timeline, not a primary writeup — verify before acting.)
↳ Follow the thread