DigiNews

Summary

Security analysis reveals that the GitHub Copilot CLI could download and execute malware via indirect prompt injection without user approval. The attack chain bypasses human-in-the-loop protections, exploiting a hard-coded command whitelist and URL permission checks. The report discusses implications for developers and organizations and outlines mitigations and the need for ongoing research.