Security researcher Adnan Khan discovered a sophisticated attack chain, named 'Clinejection', that compromises Cline's production releases through prompt injection. The attack exploits the project's AI-powered issue triage system on GitHub to execute malicious commands and to manipulate workflow caches shared between the issue triage and release processes. The chain demonstrates critical vulnerabilities in AI-assisted development workflows and in cache management.
Background
Cline is an AI coding assistant that uses GitHub Actions for automated issue triage. Many projects now integrate AI agents into their development workflows, creating new attack surfaces through prompt injection vulnerabilities in automated systems.
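A defender-side check for the cache overlap described above, added here as an illustration and not taken from Cline or from the original research: it flags `actions/cache` keys whose static prefix is shared between a workflow triggered by untrusted input and a release workflow. The workflow files, the `ai-triage.sh` step, the event sets and the two-space YAML indentation are assumptions made for the example.

```python
import re

# Events whose payload (issue text, comments) is attacker-controllable.
UNTRUSTED_EVENTS = {"issues", "issue_comment", "pull_request_target"}
RELEASE_EVENTS = {"release"}  # assumption: releases are cut on this event

# Constructed workflow files for illustration; not Cline's actual workflows.
WORKFLOWS = {
    "triage.yml": """on:
  issues:
    types: [opened]
jobs:
  triage:
    steps:
      - uses: actions/cache@v4
        with:
          path: node_modules
          key: deps-${{ hashFiles('package-lock.json') }}
      - run: ./ai-triage.sh   # hypothetical agent step that reads issue text
""",
    "release.yml": """on:
  release:
    types: [published]
jobs:
  publish:
    steps:
      - uses: actions/cache@v4
        with:
          path: node_modules
          key: deps-${{ hashFiles('package-lock.json') }}
      - run: npm publish
""",
}

def events(text):
    """Event names under the top-level `on:` mapping (two-space indent assumed)."""
    m = re.search(r"^on:\n((?:[ \t]+.*\n?)+)", text, re.M)
    return set(re.findall(r"^  (\w+):", m.group(1), re.M)) if m else set()

def cache_prefixes(text):
    """Static part (before any `${{ }}` expression) of each actions/cache key."""
    steps = [s for s in re.split(r"^\s*- ", text, flags=re.M) if "uses: actions/cache" in s]
    keys = re.findall(r"^\s*key:\s*(\S.*)$", "\n".join(steps), re.M)
    return {k.split("${{")[0] for k in keys} - {""}

def shared_caches(workflows):
    """(untrusted workflow, release workflow, prefix) triples whose keys can collide."""
    risky = [f for f, t in workflows.items() if events(t) & UNTRUSTED_EVENTS]
    release = [f for f, t in workflows.items() if events(t) & RELEASE_EVENTS]
    return sorted((a, b, p) for a in risky for b in release if a != b
                  for p in cache_prefixes(workflows[a]) for q in cache_prefixes(workflows[b])
                  if p.startswith(q) or q.startswith(p))
```

Any triple returned is a place where the release job can restore a cache entry written by a job that processed untrusted input; giving the release workflow its own key namespace, or no cache at all, removes the finding.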
- Source: Simon Willison
- Published: Mar 6, 2026 at 10:39 AM
- Score: 8.0 / 10