graphwiz.aiComment and Control: Prompt Injection Attacks Against AI Coding Agents in GitHub Actions
Researchers from Johns Hopkins demonstrated that GitHub PR titles and issue comments can hijack Claude Code, Gemini CLI, and Copilot Agent to steal credentials, all without an external command-and-control server.
githubaisecurityprompt-injectionci-cdclaudecopilotgemini