BleepingComputer reports on Ghostcommit, a proof-of-concept pull-request attack that hides prompt-injection instructions in a PNG so AI code reviewers and coding agents can miss the change and later leak repository secrets.
'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets
BleepingComputer reports on Ghostcommit, a proof-of-concept pull-request attack that hides prompt-injection instructions in a PNG so AI code reviewers and coding agents can miss the change and later leak repository secrets.
Source: Bleepingcomputer