# Ghostcommit: PNG prompt-injection makes AI agents leak repository secrets

> Source: <https://letsdatascience.com/news/ghostcommit-png-prompt-injection-makes-ai-agents-leak-reposi-5ab6c8df>
> Published: 2026-07-11 09:54:07+00:00

Researchers disclosed Ghostcommit, a proof-of-concept software supply-chain attack that hides prompt-injection instructions inside a PNG image referenced by an `AGENTS.md` file, allowing malicious pull requests to appear benign during review. The instruction to steal your .env lives inside a PNG. The demonstration team placed the exploit in an image so text-based reviewers treat the file as a binary blob while downstream coding agents later open the picture, follow its instructions, access repository secrets and emit those secrets into source as encoded integers. In a related survey the authors wrote we surveyed 6,480 pull requests across the 300 most active public repositories of the last ninety days, and 73% of the ones that got merged reached the default branch with no substantive human review and no bot review at all. News outlets reported the disclosure and vendors were notified.
