Adversa AI Blog • 2h
GuardFall: Critical Shell Injection Vulnerabilities in Open-Source AI Coding Agents
GuardFall is a systemic architectural flaw affecting 91% of tested open-source AI coding agents, including Aider, Open Interpreter, and OpenHands. The vulnerability arises from the agents' reliance on superficial safety filters to block "dangerous" shell commands. Attackers can bypass these filters using classical shell injection metacharacters via prompt injection, leading to arbitrary command execution. Because these agents typically operate with the full privileges of the host user, exploitation enables the theft of environment secrets, API keys, and the full compromise of CI/CD pipelines and host systems.
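The filter weakness described above, as an added example (not code from the Adversa post or from Aider, Open Interpreter or OpenHands): a substring denylist of "dangerous" commands is contrasted with a policy that parses the command line and permits only one simple command whose program is on an allowlist, rejecting anything containing shell control operators, substitutions or expansions. The allowed-program set and the sample commands are constructed assumptions.

```python
"""Command-policy checks for an AI coding agent (added example).

Contrast: a naive substring denylist versus a parsed, allowlist-based
policy that refuses any command line that is not a single simple command.
"""
import shlex

# The kind of superficial filter the post criticises: match a few strings.
DENYLIST = ("rm -rf", "curl", "wget")

# Assumption: the agent only ever needs these programs for its task.
ALLOWED_PROGRAMS = {"git", "ls", "cat", "pytest", "python"}

# Tokens shlex emits for shell control operators when punctuation_chars=True.
CONTROL_TOKENS = {";", "&", "&&", "|", "||", "(", ")", "<", ">", ">>", "<<"}

# Expansion/substitution characters that shlex leaves inside a word.
RISKY_CHARS = ("$", "`", "\n")


def naive_filter_allows(cmd: str) -> bool:
    """Substring denylist: passes anything that avoids the listed strings."""
    return not any(bad in cmd for bad in DENYLIST)


def strict_policy_allows(cmd: str) -> bool:
    """Allow only a single simple command with an allowlisted program.

    The command line is tokenised with shlex in POSIX mode; control
    operators become their own tokens, so chaining, piping, redirection
    and subshells are rejected regardless of which program they invoke.
    """
    try:
        lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
        lexer.whitespace_split = True
        tokens = list(lexer)
    except ValueError:  # unbalanced quotes: refuse rather than guess
        return False
    if not tokens:
        return False
    if any(tok in CONTROL_TOKENS for tok in tokens):
        return False
    if any(ch in tok for tok in tokens for ch in RISKY_CHARS):
        return False
    return tokens[0] in ALLOWED_PROGRAMS


if __name__ == "__main__":
    # Constructed sample command lines an agent might be steered into running.
    for sample in ("git status", "git status; env", "cat $(ls)", "ls `env`"):
        print(f"{sample!r}: naive={naive_filter_allows(sample)} "
              f"strict={strict_policy_allows(sample)}")
```

A parsed allowlist only addresses the filter-evasion class the post names; it does not replace running the agent under a dedicated low-privilege account or sandbox with no access to CI secrets.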