Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
The theory/ folder contains security research documentation including descriptions of offensive techniques and tool syntax. Some files may trigger antivirus false positives on Windows systems.