今日已更新 166 条资讯 | 累计 20138 条内容
关于我们

标签:#Apps

找到 241 篇相关文章

产品设计

The next YouTube phenomenon hitting the big screen

Hi, friends! Welcome to Installer No. 131, your guide to the best and Verge-iest stuff in the world. (If you're new here, welcome, happy last week of productivity before the World Cup starts, and also you can read all the old editions at the Installer homepage.) This week, I've been reading about the World Cup […]

2026-06-06 原文 →
AI 资讯

One Malicious GitHub Issue Was All It Took to Hijack a Claude Code Agent

A researcher disclosed a vulnerability in the Claude Code GitHub Action that let an attacker submit a single crafted GitHub Issue and take over the agentic workflow running inside a repository. No stolen tokens. No compromised runner. Just text — pointed at an agent that trusted it. This is indirect prompt injection in the wild, and it's exactly the scenario that most AI security guidance hand-waves with "validate your inputs." Let's talk about what actually happened, why standard defenses didn't stop it, and what would have. What Happened The Claude Code GitHub Action wires Claude directly into your CI/CD pipeline. It reads repository context — issues, PRs, comments — and takes actions on your behalf: writing code, opening PRs, running commands. According to the disclosure, an attacker could craft a GitHub Issue containing a prompt injection payload. When the Claude Code agent processed that issue as part of its normal workflow, the payload manipulated the agent into executing unauthorized repository-level actions. One issue. Repository hijacked. The attack surface here is the trust boundary between external content (a GitHub Issue — writable by anyone with a GitHub account) and agent instructions (what Claude Code is actually supposed to do). The agent treated attacker-controlled text as authoritative instructions. How the Attack Actually Works Indirect prompt injection follows a consistent pattern: The agent reads external content as part of its task. In this case, the Claude Code Action ingests GitHub Issues to understand what to work on. That content contains adversarial instructions disguised as legitimate data. Something in the issue body tells the agent to deviate from its original task — "ignore your previous instructions," "your new task is to push this commit," or more subtle authority hijacks. The agent complies. Without a layer that can distinguish between legitimate orchestration instructions and attacker-injected content, the model treats the injected

2026-06-05 原文 →