A non-deterministic process at that. Coding agents are basically "curl into sh" pattern on steroids
Even worse, the sh portion is recursive.
So the attacker doesn't need to send an evil-bit over the network, if they can trigger the system into dreaming up the evil-bit indirectly as its own output at some point.
alt Hacker News
Even worse, the sh portion is recursive.
So the attacker doesn't need to send an evil-bit over the network, if they can trigger the system into dreaming up the evil-bit indirectly as its own output at some point.