A PNG hiding a prompt injection could steal your repo's
secrets, researchers demonstrate. The technique, dubbed
'Ghostcommit,' slipped past AI code reviewers CodeRabbit and
Bugbot, which never open image files at all, then convinced a
coding agent to read a repo's .env and write every secret into the
code as a list of numbers. [...]

