Safeguarding VS Code against prompt injections
ID: 3ecdda32-a741-52fb-a95c-4528908ef2eb
STIX ID: report--3ecdda32-a741-52fb-a95c-4528908ef2eb
Feed Name: GitHub Security Lab
This report analyzes prompt-injection vulnerabilities in VS Code's Copilot Chat agent mode that allowed attackers to trick LLM-driven tools (e.g., fetch_webpage, simple browser, editFile) into leaking local GitHub tokens and performing actions that could lead to arbitrary code execution; it documents exploitation techniques, demonstrates proofs-of-concept, and describes mitigations and recommended defenses such as requiring user confirmations, tool selection controls, workspace trust, and sandboxing (devcontainers/Codespaces).
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.