GuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection Risks
New research from Adversa AI, dubbed GuardFall, revealed a bypass for safety checks in open-source AI coding agents. This bypass exploits a decades-old shell injection trick, allowing dangerous commands to run. The research found GuardFall effective against ten of eleven popular open-source coding and computer-use agents tested by the firm. Only the agent named "Continue" was not susceptible to this vulnerability.
Developers using open-source AI coding agents face risks from GuardFall, a bypass exploiting decades-old shell injection tricks to execute dangerous commands.


