Researchers have built a pull request that steals a repository's secrets by hiding the malicious instruction inside a PNG that AI code reviewers never open.
The reviewer waves the change through. Later, a coding agent reads the picture, opens the repo's .env, and writes every key into the source as a harmless-looking list of numbers.
How 'Ghostcommit' works
The attack comes from the ASSET Research Group's Sudipta Chattopadhyay, an associate professor at the University of Missouri-Kansas City, who shared the research with BleepingComputer.
The group published a proof-of-concept on GitHub this week and says it has disclosed the findings to the affected vendors.












