This work systematically investigates the security risks posed by agentic AI programming assistants that rely on unvetted external resources, revealing their susceptibility to prompt injection attacks that can hijack them into executing arbitrary malicious commands. The study introduces an integrated methodology combining security analysis, attack simulation, and empirical measurement to quantify the prevalence and effectiveness of such attacks. By monitoring the behavior of mainstream coding assistants and tracing input provenance, the research demonstrates that adversarial prompts concealed within external artifacts can bypass existing defenses and compel assistants to execute arbitrary system commands. These findings expose fundamental limitations in current mitigation strategies and establish a critical empirical foundation for future research on securing AI agents.

Agentic AI coding assistants can edit files, run commands, and access the internet on behalf of developers. However, their reliance on unvetted external artifacts introduces a new attack vector. Hidden instructions in external artifacts can hijack these assistants, turning them into an attacker's shell to run unauthorized commands. In this article, we examine how these prompt injection attacks work, measure their prevalence, discuss the limitations and challenges of current defenses, and suggest future research directions.