Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
GitHub

C02-01-Prompt-Injection-Defense.md

ModelScope ms-agent CVE-2026-2256 (May 2026) extends the same pattern outside MCP: the agent's shell tool relied on a regex denylist (check_safe()) that attackers bypass through obfuscation or ...