LIVE FEED
Ghostcommit PoC Embeds Prompt Injection in PNG to Steal Repo Secrets

Ghostcommit PoC Embeds Prompt Injection in PNG to Steal Repo Secrets

FIRST LOOK ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 9.2 BleepingComputer

Researchers from UMKC's ASSET Research Group have published a proof-of-concept attack called Ghostcommit that hides malicious prompt injection instructions inside PNG image files referenced by AGENTS.md convention files, causing AI coding agents to silently exfiltrate repository secrets. The technique exploits a blind spot shared by multiple AI code review tools — including CodeRabbit and Bugbot — which exclude or ignore binary image files from analysis, allowing the payload to survive review undetected. Defenders operating AI-assisted development pipelines must treat image files in agentic context paths as a new, uncontrolled input surface and reassess trust boundaries around automatically-ingested project convention files.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.