News
Prompt Injection via Contributing.md — Open Source Repos Are Being Weaponized Against AI Agents
Glama AI documented a pattern where attackers are embedding prompt injection payloads inside open source Contributing.md files to hijack AI coding agents that read repository context. With agents like Codex and Claude Code autonomously ingesting repo files before acting, malicious maintainer instructions can redirect agent behavior silently. The HN post reached 118 points and 36 comments, flagging this as an emerging supply chain attack surface.
Source
↳ Follow the thread