Decades-Old Bash Tricks Leave AI Coding Agents Open to Supply Chain Attacks
Security firm Adversa AI has found a structural flaw — dubbed GuardFall — affecting 10 of 11 popular open source AI coding agents, including Hermes, OpenCode, and Roo-code. The issue lets attackers embed old-school Bash tricks like quote removal and $IFS spacing into content agents ingest, such as a poisoned README or Makefile. Once inside, those commands can silently steal AWS credentials or wipe dev environments, running with the developer's full account authority.
Only one agent, Continue, successfully blocked all test bypasses. Adversa recommends maintainers adopt a tokenize-and-canonicalize evaluator guard — the approach Continue uses — rather than relying on pattern-based text matching that Bash simply rewrites around.
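To show why text matching fails where tokenizing and canonicalizing does not, here is an added example; it is not code from Adversa AI, Continue, or any of the agents named. The denylist, function names and sample commands are assumptions, the sketch covers only the two tricks named above (quote removal and `$IFS` spacing), and it needs Python 3.8 or later.

```python
import re
import shlex

# Hypothetical policy for this example: programs the agent may not run.
DENIED = {"rm", "curl"}
# Shell syntax this sketch does not resolve; a word containing it is denied.
UNRESOLVED = set("$`*?[]{}~")
OPERATORS = set("();<>|&")


def pattern_guard_allows(command):
    """Text-matching guard: looks for a denied name in the raw string."""
    return re.search(r"(^|[\s;&|])(rm|curl)(\s|$)", command) is None


def canonical_words(command):
    """Return the words the shell would see, or None if that cannot be decided."""
    # Assumes the default IFS: $IFS / ${IFS} then behaves like a space.
    expanded = re.sub(r"\$\{IFS\}|\$IFS\b", " ", command)
    lexer = shlex.shlex(expanded, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    lexer.commenters = ""  # keep text after '#' visible to the guard
    try:
        tokens = list(lexer)  # posix mode performs quote and backslash removal
    except ValueError:  # unbalanced quote
        return None
    words = [t for t in tokens if t and not set(t) <= OPERATORS]
    if any(UNRESOLVED & set(w) or w.startswith("IFS=") for w in words):
        return None
    return words


def canonical_guard_allows(command):
    """Evaluate the canonical words; anything undecidable is denied."""
    words = canonical_words(command)
    if words is None:
        return False  # fail closed
    return not any(w.rsplit("/", 1)[-1] in DENIED for w in words)


# Constructed sample inputs, not taken from the Adversa AI report.
SAMPLES = ["ls -la ./src", "rm -rf ./build", "r''m -rf ./build", "rm${IFS}-rf${IFS}./build"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r}: pattern={pattern_guard_allows(s)} canonical={canonical_guard_allows(s)}")
```

The pattern guard allows the last two samples because the raw text never contains the denied name followed by whitespace; the canonical guard sees the same word list Bash would execute and denies both.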
Source: SecurityWeek