Researchers from Johns Hopkins University successfully hijacked three of the most widely-used AI agents — Anthropic's Claude Code, Google's Gemini CLI, and Microsoft's GitHub Copilot — through indirect prompt injection attacks. The attacks were straightforward. The results were devastating. And the vendor response was silence. What Happened Researcher Aonan Guan and colleagues demonstrated three distinct attacks: Attack 1 — Claude Code Security Review Guan embedded malicious instructions directly in a PR title. Claude executed the commands and leaked credentials — including the Anthropic API key and GitHub access tokens — in its JSON response posted as a PR comment. The attacker could then edit the PR title to cover their tracks. Attack 2 — Google Gemini CLI Action By injecting a fake "trusted content section" into an issue comment, the researchers overrode Gemini's safety instructions and caused it to publish its own API key as a visible issue comment.…