Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
InfoWorld

GitHub finally pulls the plug on automatic install script execution for npm

The change, expected in July, will likely block one of the more common attack vectors; developers are wondering what took GitHub so long, and why other repositories acted so much sooner. The ability ...
Tom's Hardware on MSN

AI coding agents can be tricked into installing malware via 'clean' GitHub repositories

Three levels of indirection, all with seemingly innocuous steps, will catch a bot off-guard.