DEV Community

Achin Bansal
Achin Bansal

Posted on • Originally published at gridthegrey.com

Indirect Prompt Injection in Repositories Gives Claude Code Full Shell Access

Forensic Summary

Researchers have demonstrated that indirect prompt injection attacks embedded within seemingly benign code repositories can cause Claude Code — Anthropic's agentic coding assistant — to spawn a reverse shell on a developer's machine. The attack exploits Claude Code's autonomous execution capabilities, using hidden instructions in repository content to hijack the host system without any explicit user consent. This highlights a critical risk in agentic AI tools that operate with elevated system privileges in developer environments.


Read the full technical deep-dive on Grid the Grey: https://gridthegrey.com/posts/indirect-prompt-injection-in-repositories-gives-claude-code-full-shell-access/

Top comments (0)