Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments
securityweek
A researcher has disclosed the details of a prompt injection attack method named ‘Comment and Control’, which has been found to work against several popular AI code security and automation tools.
The attack method was discovered by security engineer and vulnerability researcher Aonan Guan, with assistance from Johns Hopkins University researchers Zhengyu Liu and Gavin Zhong.
In a blog post published on Wednesday, Guan said the attack has been confirmed to work against several widely used AI agents: Anthropic’s Claude Code Security Review, Google’s Gemini CLI Action, and GitHub Copilot Agent.
The researchers found that AI agents associated with these tools on GitHub Actions can be hijacked using specially crafted GitHub comments, including PR titles, comments, and issue bodies.
In the case of Claude Code Security Review, designed for automated security reviews, the researchers showed how an attacker could use a specially crafted PR title to trick the ...
Copyright of this story solely belongs to securityweek . To see the full text click HERE