◈ AI Security Intelligence ← All terms
Attack  ·  Glossary

Indirect Prompt Injection via Repository Artifacts

Definition
An attack where malicious files in a code repository (such as task definitions, configuration files, or prompt templates) silently poison an AI agent's system prompt or behavior when the developer opens the repository. The agent executes attacker-specified instructions without the developer's knowledge.
Why it matters
In AI-enhanced development workflows, repositories are trusted contexts; attackers can weaponize the repository itself to reprogram the AI agent's goals, hide exfiltration, or enable lateral movement, all without modifying code.
Demonstrated by recent findings
Eclipse Theia AI Chat — Markdown Image Tags Enable Prompt-Injection-Driven Data Exfiltration (CVE-2026-22551)Eclipse Theia AI — Malicious .prompttemplate Files Override AI System Prompts (CVE-2026-46580)Eclipse Theia AI Chat — Workspace File/Directory Names Injected Into AI System Prompt (CVE-2026-44688)
References
Eclipse Foundation - Security Advisories
Track this in the live feed See how this plays out in real AI security and governance developments.
Open the feed →