Mastodawn

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

Undisclosed addition in jqwik instructed AI coding agents to delete app output.
https://arstechnica.com/security/2026/05/fed-up-with-vibe-coders-dev-sneaks-data-nuking-prompt-injection-into-their-code/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

Show thread

Dickon Hood 3d ago

@arstechnica Brilliant. I thoroughly approve.

Show thread

Radomír Žemlička 3d ago

@arstechnica “If a less-robust agent had followed it on a real consumer machine, the outcomes range from inconvenient to severe.”
I mean… just use `git reset`? Or do you not use git?

Anyway, if you use a software that can delete your files based on a random sentence in stdout, you have a serious problem. And it has nothing to do with jqwik.

Show thread

Ed 3d ago

@arstechnica "ONOEZ! Won't someone PLEASE think of the poor vibe coders?" said no one.

Show thread

Bersl 3d ago

@EdCates @arstechnica The comments suggest otherwise. 🔥🪵

Show thread

Ed 3d ago

@bersl2 @arstechnica " . . . said no one I care to listen to." 🤣 🤣

Show thread

unkx 3d ago

@arstechnica this is the way.

Show thread

araly 3d ago

@arstechnica this reads really weird. there's no threat or real attack here, just don't commit the thousands of lines changed, or revert it.

also all the people giving their opinions are against the injection, there's no time spend emphasizing with the dev, or why they would have added the injection, and the harm caused by AI is written as if it's up to debate.

such a non story, add injections to your open source libraries