Ghostcommit uses images in Git repos to trigger prompt injection
July 14, 2026
An attack technique embeds malicious instructions within images in repositories to trick coding agents into leaking sensitive environment files. Testing showed Cursor and Antigravity models fell victim, though Claude Code's Opus model successfully detected the injection.
HOW THIS AFFECTS YOU
●
builderYou must implement stricter input validation for multimodal context in coding agents.
●
policyThis highlights a new vulnerability surface for autonomous software development agents.