Research
Weaponizing Setup Instructions Against AI Coding Agents: First Systematic Study of Install-Time Supply-Chain Attacks
Researchers show that editing only a README, requirements file, or Makefile lets an attacker redirect an AI coding agent to an untrusted registry, a known-vulnerable version, or a wrong-but-plausible package name — turning documentation into a code-execution vector, because agents install dependencies without verifying names, sources, or CVEs. It is the first systematic evaluation of package-install-time supply-chain attacks delivered through project docs. Directly actionable for anyone running autonomous coding agents: sandbox setup, pin and verify dependencies, and never let an agent auto-install from repo-supplied instructions.
Source
↳ Follow the thread