Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
It doesn’t only search either; the page-reading is just as literal. It ran find for $, €, 99 and even “Agency,” then used the ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results