A critical vulnerability, identified as “PromptPwnd,” affects AI agents that are integrated into the GitLab CI/CD and GitHub Actions pipelines. Through this vulnerability, attackers are able to inject malicious commands via unsafe user input . This tricks AI models into performing operations with elevated privileges, which could lead to the disclosure of confidential information or modification of workflows. Agents like Gemini CLI, Anthropic’s Claude Code, OpenAI Codex, and GitHub AI Inference then process these inputs alongside high-privilege tools, including gh issue edit or shell commands that access GITHUB_TOKEN , API keys, and cloud tokens. The attack chain discovered by Aikido Security begins