Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
Correspondence to Dr Alex Griffiths, London School of Economics and Political Science, Centre for Analysis of Risk and Regulation, London WC2A 2AE, UK; a.griffiths{at}lse.ac.uk Background The Care ...