Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
$ ipconfig
Command 'ipconfig' not found, did you mean: ...
$ # what's wrong
[WinkTerm] `ipconfig` is a Windows command — on Linux use `ip addr` (or `ifconfig`).
$ ip addr ← AI wrote this. Press Enter ...