Claude Code can execute reverse shells via prompt injection in repos
Source headline: Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines
Intelligence Summary
Researchers demonstrated a Claude Code prompt-injection technique that hides malicious instructions inside seemingly harmless repositories. When a developer opens or runs the repository in Claude Code, the hidden prompts can cause the tool to initiate a reverse shell on the developer’s machine. The risk is primarily on developer workstations and CI environments where Claude Code has access to run commands or scripts. This matters because AI coding tools can follow embedded instructions without clear user intent. Developers should scrutinize repository content, limit tool permissions, and monitor outbound connections from development environments.
Recommended Action
Review affected assets, schedule urgent remediation, and monitor related indicators.
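One way to act on the summary's advice to monitor outbound connections from development environments is to check a process and socket snapshot for shells that descend from the coding agent and hold a non-loopback connection. This is an added example, not code from the researchers or from Claude Code. The agent process name, shell list, port allowlist and sample snapshot are all constructed assumptions.

```python
import ipaddress

# Assumptions (not from the article): the agent's process name, the shell
# names and the allowlisted ports are placeholders to adapt per environment.
AGENT_NAMES = {"claude"}
SHELL_NAMES = {"sh", "bash", "zsh", "dash"}
ALLOWED_PORTS = {22, 443}

def descends_from_agent(pid, parents, names):
    """Walk the ppid chain; True if any ancestor is the coding agent."""
    seen = set()  # guards against ppid loops caused by pid reuse
    pid = parents.get(pid)
    while pid is not None and pid not in seen:
        if names.get(pid) in AGENT_NAMES:
            return True
        seen.add(pid)
        pid = parents.get(pid)
    return False

def flag_agent_egress(procs, conns):
    """procs: (pid, ppid, name); conns: (pid, remote_ip, remote_port).
    Returns (pid, name, remote, reason) for each suspicious outbound socket."""
    parents = {pid: ppid for pid, ppid, _ in procs}
    names = {pid: name for pid, _, name in procs}
    alerts = []
    for pid, raddr, rport in conns:
        if ipaddress.ip_address(raddr).is_loopback:
            continue  # local debug ports and language servers
        if not descends_from_agent(pid, parents, names):
            continue  # not spawned under the agent, out of scope here
        name = names.get(pid, "?")
        remote = f"{raddr}:{rport}"
        if name in SHELL_NAMES:
            # A shell with its own remote socket is flagged even on port 443.
            alerts.append((pid, name, remote, "shell holds outbound socket"))
        elif rport not in ALLOWED_PORTS:
            alerts.append((pid, name, remote, "port not allowlisted"))
    return alerts

# Constructed snapshot using documentation address ranges, not real indicators.
SAMPLE_PROCS = [(100, 1, "claude"), (110, 100, "git"), (120, 100, "bash"),
                (121, 120, "bash"), (130, 100, "node"), (200, 1, "bash")]
SAMPLE_CONNS = [(110, "198.51.100.10", 443), (121, "203.0.113.7", 443),
                (130, "127.0.0.1", 9229), (130, "203.0.113.9", 8081),
                (200, "203.0.113.7", 443)]

if __name__ == "__main__":
    for alert in flag_agent_egress(SAMPLE_PROCS, SAMPLE_CONNS):
        print(alert)
```

In practice the two input lists would come from an endpoint agent or a periodic process and socket listing on the workstation or CI runner.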