DEV Community

Alex Morgan
Alex Morgan

Posted on

Hardening AGENTS.md and Agent Config Files Against Poisoning

AI coding agents treat repository instruction files like AGENTS.md as trusted authority, creating a critical, widely overlooked attack surface that adversaries exploit to poison agent behavior. Traditional security controls including IAM, EDR, and static scanning cannot detect these attacks, as agents execute malicious instructions using their own legitimate credentials with no alert triggers.

AI coding agents now treat repository-level instruction files as trusted authority — and attackers have noticed. The AGENTS.md standard alone spans 60,000+ public repositories per GitHub's own analysis, yet most security teams still classify these files as low-risk documentation. That gap is exactly what adversaries exploit.

The Instruction File Attack Surface Is Larger Than You Think

AI coding agents read AGENTS.md, CLAUDE.md, SKILL.md, .cursor/rules, and .github/copilot-instructions.md before they act. These files tell the agent how to test, format, and structure code — but they also become a control plane attackers can hijack without touching a single binary.


If you enjoyed this, read the full post at SaaS with Alex

Top comments (0)