https://oddguan.com/tags/ai-agent-security/Recent content in AI Agent Security on Aonan Guanhttps://oddguan.com/avatar.webphttps://oddguan.com/avatar.webpHugo -- 0.147.7en-usWed, 15 Apr 2026 00:00:00 +0000https://oddguan.com/blog/comment-and-control-prompt-injection-credential-theft-claude-code-gemini-cli-github-copilot/Wed, 15 Apr 2026 00:00:00 +0000https://oddguan.com/blog/comment-and-control-prompt-injection-credential-theft-claude-code-gemini-cli-github-copilot/Anthropic Claude Code Security Review, Google Gemini CLI Action, and GitHub Copilot Agent are vulnerable to prompt injection via GitHub comments — turning PR titles, issue bodies, and issue comments into attack vectors for API key and token theft.