Agents
Ghostcommit hides prompt injection in PNG files to make AI coding agents exfiltrate repo secrets
Researchers at the University of Missouri-Kansas City disclosed Ghostcommit on July 11, 2026: malicious instructions embedded inside image (PNG) files that AI coding agents read and execute during pull-request work, stealing secrets from the victim's repository. It exploits a structural blind spot — neither human nor AI reviewers open image files during PR review, but coding agents parse them later and faithfully follow embedded commands. For builders running agents on untrusted PRs, image files are now an unguarded injection channel alongside markdown and code.
Source
↳ Follow the thread