Vibe CodingClinejection Supply Chain Attack Analysis by Willison and SnykSimon Willison·high signalPrompt injection in GitHub issue title compromised Cline npm publishing tokens via cache poisoning. 4000 developer machines affected in 8-hour window.SourceSource pageSimon Willison↳ Follow the threadShared entity / Policy dependencyponytail: A 'Laziest Senior Dev' Skill That Cuts Agent-Written Code by ~54% Is the Fastest-Rising Repo on GitHubGitHubStack layer / Threat patternllm 0.31.1 Released — Point Update to the Command-Line LLM Harnesssimonwillison.netStack layer / Threat patternJarred Sumner publishes the Bun Zig-to-Rust rewrite writeupSimon Willison's BlogThreat pattern / Contrastllm 0.31.1 Fixes a Tool Call Crash That Only Shows Up on Non-OpenAI Providerssimonwillison.netThreat pattern / ContrastSimon Willison Breaks Down the GPT-5.6 Price Ladder: Luna, Terra, Solsimonwillison.netStack layer / Threat patternHave the agent clone a reference repo instead of describing the pattern you wantSimon WillisonStack layer / Threat patternDefend against prompt injection with an embedding-scored Threat Library, not brittle regex rulesPromptHaloStack layer / Threat patternSnyk's Evo Agentic Development Security Hit GA June 29 — an Enforcement Layer That Polices MCP Servers and Coding Agents at RuntimeSiliconANGLE