A GitHub Issue Title Compromised 4,000 Developer Machines
kept by eddie
A prompt injection in a GitHub issue title tricked an AI triage bot into executing code, enabling cache poisoning, credential theft, and publication of a compromised Cline npm package that silently installed the OpenClaw AI agent on 4,000 developer machines.