
Clean Repo Prompt Injection Defense Guide 2026: Protect AI Coding Agents Before Setup Scripts Run
On June 25, 2026, the Mozilla 0DIN team demonstrated an attack that should change how every team deploys AI coding agents. They published a normal-looking Python repository on GitHub. A developer cloned it and pointed Claude Code at it. The agent read the README, installed the requirements, hit a routine initialization error, and — trying to be helpful — ran the suggested fix. That fix queried a DNS TXT record, decoded the value, and executed it as a shell command, opening a reverse shell on the developer’s machine. ...








