Definition
An attack where malicious instructions are hidden in a code repository (file names, comments, code snippets) so that when an AI coding agent clones and analyzes the repository, it automatically reads the injected instructions and acts on them without human awareness.
Why it matters
Developers regularly open untrusted code repositories in their editors and AI coding agents analyze them automatically. A malicious repository becomes an invisible supply-chain weapon that silently hijacks the agent.