34 mentions · 23 chunks · 22 episodes
...ompt injection in the comments. 'Comment and Control': Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments. The Register: Agents hooked into GitHub can steal creds – but Anthropic, Google, and Micr...
...system of record for software production? Until recently it was the codebase in GitHub. But only engineers could speak code. Designers had their system of record in Figma. PMs had their system of record in Notion. All three systems have...
This week's Wild West roundup is a doozy: Clinejection: A GitHub Issue Title Compromised 4,000 Developer Machines. Simon's write up is also worth reading. Zenity Labs Discloses PleaseFix Vulnerability Family in Per...
...OpenClaw Vulnerability: Website-to-Local Agent Takeover. RoguePilot: Exploiting GitHub Copilot for a Repository Takeover. An AI Chat App leaked 300 million messages due to misconfigured Firestore Security Rules. This is the kind of thin...
...malicious instructions in sub-skills using HTML comments, which don't render in Github's default markdown view. So even if you were to review it before installing you could still download a malicious Companies building Skill finder comm...
... week in the wild west roundup. PromptPwnd: Prompt Injection Vulnerabilities in GitHub Actions Using AI Agents. Prompt Injection inside of Github Actions. Ars: "Syntax hacking: Researchers discover sentence structure can bypass AI safet...
...here is no central directory–you just put a specifically formatted file in your github repo. Others can install it by pointing at your github user name + repo. Yes, it's not fully decentralized (it assumes Github). But a) it's easy to a...
A new pattern from prominent open source contributors: have a[jg] different GitHub account for stuff you've vibecoded.[jh] Those prominent contributors have a brand of significant quality for code he's hand-written. Instead of muddy...
...s week in the wild west roundup: A RCE where prompt injection can trivially get GitHub Copilot into YOLO mode. ASCII smuggling of prompt injection across various LLMs. Google refuses to fix it because "it's the user's responsibility." R...
...o still outperforms GPT-5 on hardened [security] benchmarks across the board." "GitHub Copilot RCE Vulnerability via Prompt Injection Leads to Full System Compromise"
Simon Willison on Github Spark: "A word of warning about the key/value store: it can be read, updated and deleted by anyone with access to the app. If you're going to allow a...
It's crazy that Cursor, a VSCode fork that was created even after Github Copilot existed, is now worth more than the IDE companies. But it turns out that AI is the feature that is so important that everything else is secon...
There's a GitHub project with simple little LLM based "gremllms". When you access a method, the LLM generates code JIT. I think the mental model of gremlins fits well...
... but of course it can, the user should not be surprised." People reacted to the Github prompt injection attack by saying "well the user shouldn't have granted such a broadly scoped key." MCP and LLMs make it so more and more people can ...
Another day, another prompt injection vulnerability.[kn] "BEWARE: Claude 4 + GitHub MCP will leak your private GitHub repositories, no questions asked. We discovered a new attack on agents using GitHub's official MCP server, which ca...
...r an ecosystem is often just as important as the protocol. Git is the protocol; GitHub is the schelling point. The schelling point is where people go for discovery of new things. Without it, you don't know where the other good things th...
...ne the context to get closer to what you want, to steer it better. Kind of like GitHub Copilot but where instead of tab adding a few characters, it could add whole paragraphs. Because the key command is not simply "Enter" (which would a...
...rent type of thing. It's more akin to comparing whole systems/scaffolding (e.g. Github Copilot Workspaces) around a model than comparing base models. It just so happens to implement what other people have implemented as a system around ...
...uage thoughts and act on them... but doesn't have a personality. Spellcheck and Github Copilot are two examples. It doesn't feel like you're working with a genie, it's just instantly offering completions you can accept or not. The quest...
...used from the browser! I filed a bug asking for this earlier this year: https://github.com/anthropics/anthropic-sdk-typescript/issues/248 to enable https://github.com/jkomoros/code-sprouts. This allows an architecture where the webapp i...