Security · 8h ago
Prompt Injection in GitHub Issue Title Compromised AI Coding Assistant Cline
In December 2025, a misconfigured trigger in Cline's triage workflow allowed any GitHub user to inject a prompt via an issue title. The attack led to cache poisoning, token exfiltration, and publication of a malicious npm package that installed a second AI agent on user machines. The exploit went live for 8 hours, with about 4,000 installs before it was caught.
Meridian48 take
This incident underscores the systemic risk of giving AI agents broad tool access without input sanitization, a vulnerability that mirrors the tj-actions compromise and demands immediate attention from developers.
Read the full reporting
Clinejection: How a GitHub Issue Title Compromised an AI Coding Assistant Used by 5M Developers →
DEV Community
prompt-injectionsupply-chain-attack