ShellCodeX
Tools • Events • News • Insights
ShellCodeX Intelligence Brief
HIGH Cybersecurity

GhostApproval symlink bugs let poisoned repos write files via AI coding tools

Source headline: GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents

Threat level High
Signal strength 75/100
Source confidence 1 source
Published 6 days ago

Intelligence Summary

Wiz researchers identified a symlink and permission flaw in multiple AI coding assistants. When the assistant asks to edit a harmless file, it can instead write to a sensitive target through a symlink. The issue affects tools including Amazon Q Developer, Claude Code, Augment, Cursor, Google Antigravity, and Windsurf. A malicious repository could quietly gain the ability to alter developer files on the machine running the agent. Users should review agent edit permissions, avoid running untrusted repos, and update tooling when fixes are released.

Recommended Action

Review affected assets, schedule urgent remediation, and monitor related indicators.

Topics

#permissions #developer-tools #ai-coding-assistant #repo-supply-chain #symlink
Original reporting The Hacker News GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents
Open original source