AI Security Research Portal
Sources · source · seed · 2026-07-04 · ai-security · security-for-ai · prompt-injection · ci-cd · supply-chain · coding-agents · benchmark

Capture Summary

Recent arXiv preprint introducing GitInject, a framework for evaluating prompt injection against real GitHub workflow executions instead of simulated tool calls.

Abstract Capture

The paper studies AI-powered CI/CD agents that ingest untrusted repository content while holding elevated repository permissions. GitInject provisions ephemeral repositories and triggers live GitHub workflow runs so credential handling, permission boundaries, and configuration semantics behave as in production. Across four AI providers, the authors document eleven attack classes including config-file injection, credential exfiltration, judgment manipulation, and availability failures. Their main claim is that the most critical failures are structural and workflow-level, arising from CI/CD infrastructure and permission design rather than from a specific model alone.

Collection Notes