Clinejection — Compromising Cline's Production Releases just by Prompting an Issue Triager

Clinejection - Compromising Cline's Production Releases just by Prompting an Issue Triager Adnan Khan describes a devious attack chain against the Cline GitHub repository, which started with a prompt injection attack in the title of an issue opened against the repo. Cline were running AI-powered issue triage using the anthropics/claude-code-action action, configured to run Claude Code with --allowedTools "Bash,Read,Write,. " any time any user opened an issue in their repo.