AI coding agents like Cursor, Windsurf, Devon, and GitHub Copilot are vulnerable to "indirect pro..., Sonic AI
“AI coding agents like Cursor, Windsurf, Devon, and GitHub Copilot are vulnerable to "indirect prompt injection," where they could be instructed by a malicious website to insert a virus into a user's codebase.”