If your AI code agent treats repository content as instructions, any contributor can execute commands. This article maps the direct injection attack surface and …
