RedditPleaseFix: Zero-Click Agent Hijacking via Calendar Invites in Perplexity CometWweb·medium signalZenity Labs disclosed PleaseFix vulnerability family in agentic browsers. Two exploit paths: zero-click file exfiltration via calendar invites and 1Password vault takeover. Prompt injection via Reddit comments demonstrated. Perplexity patched pre-disclosure. Most alarming agentic security disclosure yet.↳ Follow the threadStack layer / Threat patternPerplexity Is Building 'Teammate,' a Long-Horizon Coding Agent to Rival Cursor and OpenAIBusiness InsiderStack layer / Threat patternArmadin details full sandbox escape in Anthropic's Claude Cowork; Anthropic disputes, silently patchesSiliconANGLEStack layer / Threat patternGodot Bans Almost All 'Vibe-Coded' and Autonomous-Agent Contributions to Protect Volunteer MaintainersThe RegisterPolicy dependency / Stack layerDario Amodei Walks Back His Own Timeline — 'I Don't Think We Can Make Progress at 10 Years Per Year' — as Anthropic Unveils Claude ScienceSTAT NewsStack layer / Threat patternMalicious agent skills evade every scanner: HKUST's SkillCloak beats detectors 90%+ of the time, SkillDetonate catches 97%Help Net SecurityStack layer / Threat patternDefend against prompt injection with an embedding-scored Threat Library, not brittle regex rulesPromptHaloStack layer / Threat patternNSA issues official MCP hardening guidance after Amazon Q auto-execution CVEs (CVSS 8.5) enable AWS credential theftWizStack layer / Threat patternOpenClaw ships broad July 6 platform update: GPT-5.6 support, external harness attach, hardened provider I/OReleasebot