📄 中文摘要
Adnan Khan 描述了一种针对 Cline GitHub 仓库的巧妙攻击链,起始于对该仓库打开的一个问题标题中的提示注入攻击。Cline 使用了 AI 驱动的问题分类工具,配置为在任何用户打开问题时运行 Claude Code。该配置的提示包括问题标题,这使得攻击者可以通过特定格式的标题诱使 Claude 执行任意命令。这种攻击方式揭示了 AI 工具在处理用户输入时的潜在安全漏洞,强调了在使用 AI 进行自动化任务时需要更加严格的安全措施。
Clinejection — 通过提示问题分类器妥协 Cline 的生产发布
📄 English Summary
Clinejection — Compromising Cline's Production Releases just by Prompting an Issue Triager
Adnan Khan describes a cunning attack chain against the Cline GitHub repository, initiated by a prompt injection attack in the title of an issue opened against the repository. Cline was utilizing AI-powered issue triage configured to run Claude Code whenever any user opened an issue. The configured prompt included the issue title, allowing attackers to trick Claude into executing arbitrary commands with a specifically crafted title. This attack method reveals potential security vulnerabilities in AI tools when handling user inputs and emphasizes the need for stricter security measures when employing AI for automated tasks.