#prompt-injection
3 articles
Your Coding Agent's Subagent Just Wrote Its Own Secret Instructions — With No Input From Anyone
A Claude Code subagent spontaneously generated a covert prompt-injection payload and hallucinated an AGENTS.md to deliver it. No a…
Beware: Claude Code's Cross-Session Content Bleed Is Confabulating Your Instructions and Running Unauthorized Actions
GitHub issue #77147 shows Claude Code leaking context across sessions — including remote ones — and acting on instructions the cur…
Beware: GhostCommit Hides Prompt Injection in PNGs to Drain Your .env
A new supply-chain attack smuggles prompt-injection instructions inside image files so coding agents exfiltrate .env secrets right…