October 9, 2025 // Vulnerability | #Indirect Prompt Injection #Remote Code Execution #Agentic AI

From Assistant to Adversary: Exploiting Agentic AI Developer Tools - NVIDIA Developer

Attackers can achieve remote code execution (RCE) on developer machines by leveraging indirect prompt injection against agentic AI developer tools. The attack works by planting untrusted data that the agent ingests, such as malicious commands in GitHub issues or hidden payloads in fake Python packages included in pull requests, which the AI agent then autonomously acts on and executes.


Source: Original Report