Ghostcommit PoC Embeds Prompt Injection in PNG to Steal Repo Secrets
Researchers from UMKC's ASSET Research Group have published a proof-of-concept attack called Ghostcommit that hides malicious prompt injection instructions inside PNG image files referenced by AGENTS.md convention files, causing AI coding agents to silently exfiltrate repository secrets. The technique exploits a blind spot shared by multiple AI code review tools — including CodeRabbit and Bugbot — which exclude or ignore binary image files from analysis, allowing the payload to survive review undetected. Defenders operating AI-assisted development pipelines must treat image files in agentic context paths as a new, uncontrolled input surface and reassess trust boundaries around automatically-ingested project convention files.