[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:decades-old-bash-tricks-expose-ai-coding-agents-to-supply-chain-attacks-mr173zlg":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":12,"action_required":18,"article_ids":19,"ioc_summary":21,"source_urls":22,"status":24,"expires_at":25,"created_at":26,"updated_at":27,"articles":28},"142d05ea-9124-43df-b380-0038383f6a71","Decades-Old Bash Tricks Expose AI Coding Agents to Supply Chain Attacks","decades-old-bash-tricks-expose-ai-coding-agents-to-supply-chain-attacks-mr173zlg","Most open-source AI coding agents are vulnerable to GuardFall, a structural flaw that allows attackers to bypass command execution safeguards using decades-old Bash tricks. Malicious commands embedded in poisoned repositories, READMEs, or Makefiles execute with full developer privileges when agents ingest the content. This enables credential theft, code injection, and environment compromise across the supply chain.","critical","advisory",[],[13,14,15,16,17],"Adversa AI","Hermes","OpenCode","Roo-code","Continue","Identify and audit all AI coding agents in use (GitHub Copilot, Cursor, AutoGPT variants, etc.). Immediately restrict agent access to only trusted repositories and disable automatic README\u002FMakefile processing. Prioritize migration to the Continue agent if currently using vulnerable alternatives; Continue is also listed under affected products in this advisory, so confirm its status against the source article before migrating.",[20],"38b335e8-9900-41cf-8bd8-6ccae45b11ee",null,[23],"https:\u002F\u002Fwww.securityweek.com\u002Fdecades-old-bash-tricks-expose-ai-coding-agents-to-supply-chain-attacks\u002F","active","2026-07-02T22:05:37.664+00:00","2026-06-30T22:05:42.834647+00:00","2026-06-30T22:07:44.963594+00:00",[29],{"id":20,"title":6,"url":23}]