Aonan Guan and colleagues disclosed a prompt injection attack called ‘Comment and Control’ affecting popular AI code security and automation tools like Anthropic’s Claude Code, Google’s Gemini CLI, and GitHub Copilot Agent. This attack uses crafted GitHub comments to hijack AI agents, allowing execution of arbitrary commands and exfiltration of credentials, highlighting a critical architectural flaw where AI agents process untrusted input alongside sensitive credentials and execution capabilities.
Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection Via Comments

