# Mozilla warns of indirect prompt injection risk in AI coding agents

> Source: <https://www.helpnetsecurity.com/2026/06/29/mozilla-warns-of-indirect-prompt-injection-risk-in-ai-coding-agents/>
> Published: 2026-06-29 10:48:12+00:00

A malicious GitHub repository can silently compromise a developer’s machine without containing a single line of malicious code, security researchers at Mozilla’s Zero Day Investigative Network (0DIN) warned. The attack The proof-of-concept attack targets AI-powered coding agents such as Claude Code, and uses indirect prompt injection to manipulate an AI agent into taking harmful actions the developer never explicitly authorized. The attack chain is as follows: The malicious repository presents normal-looking setup instructions in the … [More ](https://www.helpnetsecurity.com/2026/06/29/mozilla-warns-of-indirect-prompt-injection-risk-in-ai-coding-agents/)

The post [Mozilla warns of indirect prompt injection risk in AI coding agents](https://www.helpnetsecurity.com/2026/06/29/mozilla-warns-of-indirect-prompt-injection-risk-in-ai-coding-agents/) appeared first on [Help Net Security](https://www.helpnetsecurity.com).