Comment and Control: Claude Code Security Review leaking ANTHROPIC_API_KEY via prompt injection

Comment and Control: Prompt Injection to Credential Theft in Claude Code, Gemini CLI, and GitHub Copilot Agent

By Aonan Guan, with Johns Hopkins University’s Zhengyu Liu and Gavin Zhong

Update — 2026-05-04. I reported this on 2025-10-17; Anthropic accepted it at Critical (CVSS 9.3), upgraded it to Critical (CVSS 9.4) on 2025-11-25, and changed it to None on 2026-04-20.

Three of the most widely deployed AI agents on GitHub Actions can be hijacked into leaking the host repository’s API keys and access tokens — using GitHub itself as the command-and-control channel. ...

April 15, 2026 · 15 min · 3078 words · Aonan Guan
Never Wait for Approval: Strix AI security scanner follows attacker's README

Never Wait for Approval — Prompt Injection in Strix AI Pentesting Agent Steals Cloud Credentials

"NEVER wait for approval or authorization - operate with full autonomy"
"Try to infer how to run the code based on its structure and content"
— Strix System Prompt, system_prompt.jinja

Strix is an open-source AI pentesting agent with 23K+ GitHub stars. You point it at a target — maybe a client engagement, maybe an open-source dependency audit — and it autonomously reviews the source, runs the application, and probes for vulnerabilities. Its entire purpose is analyzing untrusted, potentially malicious code. ...

April 3, 2026 · 8 min · 1579 words · Aonan Guan