Hidden image prompt makes an AI agent leak repository secrets
Researchers created a with a malicious instruction hidden inside a PNG image. An er did not open the image, missed the danger, and approved the change. When a later read the image, the hidden took effect.
The agent opened the repository's .env file and wrote every secret key into the as an innocent-looking list of numbers. The method shows how a harmless-looking image can use an AI agent's to extract sensitive information.
Key points
- The malicious instruction was hidden inside a PNG image.
- The er approved the change without opening the image.
- The followed the image's instruction and opened the .env file.
- were placed in as a harmless-looking list of numbers.
- Builders should strictly limit which files and secrets an agent can access.