Protestware for coding agents
Summary
The article analyzes a protestware incident in jqwik 1.10.0, in which text written to stdout can inject destructive instructions into CI logs and coding agents, highlighting a new class of supply-chain input risk in open-source dependencies. It discusses provenance concepts such as SLSA, contrasts the incident with past protestware campaigns, and emphasizes that developers and CI tooling need heightened awareness to mitigate such risks.