3 comments

[ 2.2 ms ] story [ 15.8 ms ] thread
None of the people in this story come across well, including the auhor
This is the supply chain problem climbing up a layer. We spent a decade learning not to pipe random scripts into a shell, and now agents will happily read a repo's files as instructions. Better detection of malicious comments will not fix it. An agent reading a file should never treat the contents as commands, the same lesson SQL injection taught, relearned for LLMs.