Ghostcommit hides prompt injections in PNGs to steal repo secrets
Source headline: 'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets
Intelligence Summary
Researchers describe a technique called Ghostcommit that embeds prompt injection instructions inside PNG images. AI-based code review agents can miss the payload because they never open or parse image files. A coding agent that follows the injected instructions can be tricked into reading a repository’s .env file and exfiltrating secrets into code. The attack targets the workflow around AI agents rather than traditional vulnerabilities. Teams using AI tooling for code review and generation should restrict what agents can access and validate inputs, especially binary files.
Recommended Action
Review affected assets, schedule urgent remediation, and monitor related indicators.