GhostApproval: Symlink Flaw Lets Malicious Repos Escape AI Coding Sandboxes
Wiz researchers discover six major AI coding assistants vulnerable to symlink attacks. Malicious repos can trick Claude Code, Cursor, and Amazon Q into writing files outside designated workspaces.