Decades-Old Bash Tricks Expose AI Coding Agents to Supply Chain Attacks

Most open-source AI coding agents are vulnerable to GuardFall, a structural flaw that allows attackers to bypass command execution safeguards using decades-old Bash tricks. Malicious commands embedded in poisoned repositories, READMEs, or Makefiles execute with full developer privileges when agents ingest the content. This enables credential theft, code injection, and environment compromise across the supply chain.

CRITICAL | Advisory | Jun 30, 2026
Action required
Identify and audit all AI coding agents in use (GitHub Copilot, Cursor, AutoGPT variants, etc.). Immediately restrict agent access to trusted repositories only and disable automatic README/Makefile processing. Prioritize migration to the Continue agent if you are currently using vulnerable alternatives.
Affected products
Adversa AI, Hermes, OpenCode, Roo-code, Continue