HACKOBARFor Policy & Governance
Regulatory moves, safety findings, and compliance risk
Tue, Jul 14, 2026 · 10 items · ranked by signal
01
TLDR INFOSEC
Ghostcommit uses images in Git repos to trigger prompt injectionWhy it matters to you
This highlights a new vulnerability surface for autonomous software development agents.
An attack technique embeds malicious instructions within images in repositories to trick coding agents into leaking sensitive environment files. Testing showed Cursor and Antigravity models fell victim, though Claude Code's Opus model successfully detected the injection.
02
TLDR AI
Mantis Skills Provides Security Review Harnesses for Coding AgentsWhy it matters to you
This tool provides a technical mechanism for implementing safety and security compliance in agentic software development.
Mantis Skills is a decoupled toolkit designed to build adaptable security review harnesses. It allows developers to tune and implement security evaluations specifically for coding agents.