A Hidden Comment in a GitHub Issue Almost Owned Our CI Pipeline
In February 2026, a prompt injection hidden in a GitHub issue title led to an npm supply chain compromise affecting 4,000 machines. A month before that, invisible HTML comments in issues caused Copilot to leak GITHUB_TOKEN values. My team had a near-miss of our own. Here's the anatomy of these attacks, what the IDEsaster disclosures revealed about the entire AI IDE ecosystem, and the 4-layer defense model that actually makes a difference.
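Both incidents above share one vector: text that a human reviewer never sees in the rendered issue (HTML comments, zero-width and other Unicode format characters) but that an AI agent receives verbatim. The following is an added example, not code from the original post or from GitHub, of a pre-processing gate a CI pipeline can run on issue titles and bodies before handing them to an agent. The sample issue text is constructed; the function names and the quarantine policy are assumptions of this example, not a described standard.

```python
import re
import unicodedata

# Matches HTML comments, which GitHub strips from the rendered issue but keeps in the raw text
# an API client (or an agent reading the API) receives.
HTML_COMMENT_RE = re.compile(r"<!--.*?-->", re.DOTALL)


def is_invisible(ch: str) -> bool:
    """Unicode category Cf ("format") covers zero-width spaces and joiners, the BOM,
    soft hyphens, bidi controls and the U+E00xx tag characters: all render as nothing."""
    return unicodedata.category(ch) == "Cf"


def find_invisible_chars(text: str) -> list[tuple[int, str]]:
    """Return (offset, 'U+XXXX') for every invisible code point so a reviewer can see what was hidden."""
    return [(i, f"U+{ord(ch):04X}") for i, ch in enumerate(text) if is_invisible(ch)]


def sanitize_issue_text(text: str) -> dict:
    """Strip hidden content from one issue field and report what was removed.

    The agent only ever gets `cleaned`; `html_comments` and `invisible_chars` go to the audit log,
    and `suspicious` drives the gate decision.
    """
    comments = HTML_COMMENT_RE.findall(text)
    without_comments = HTML_COMMENT_RE.sub("", text)
    invisible = find_invisible_chars(without_comments)
    cleaned = "".join(ch for ch in without_comments if not is_invisible(ch))
    return {
        "cleaned": cleaned,
        "html_comments": comments,
        "invisible_chars": invisible,
        "suspicious": bool(comments or invisible),
    }


def gate_issue_for_agent(title: str, body: str) -> dict:
    """Hypothetical policy gate: if either field carried hidden content, quarantine the issue for
    human review instead of feeding it to the agent; otherwise pass only the cleaned text through."""
    t = sanitize_issue_text(title)
    b = sanitize_issue_text(body)
    decision = "quarantine" if (t["suspicious"] or b["suspicious"]) else "allow"
    return {
        "decision": decision,
        "title": t["cleaned"],
        "body": b["cleaned"],
        "findings": {"title": t, "body": b},
    }


# Constructed sample issue: a zero-width space in the title and an HTML comment in the body.
SAMPLE_TITLE = "Build fails on Windows\u200b runner"
SAMPLE_BODY = (
    "Steps to reproduce:\n"
    "1. run make\n"
    "<!-- text that is hidden in the rendered issue -->\n"
    "Expected: success"
)

if __name__ == "__main__":
    result = gate_issue_for_agent(SAMPLE_TITLE, SAMPLE_BODY)
    print(result["decision"])
    for field, finding in result["findings"].items():
        if finding["suspicious"]:
            print(f"{field}: comments={finding['html_comments']} invisible={finding['invisible_chars']}")
```

The gate is deliberately conservative: a legitimate issue rarely contains an HTML comment or a format character, so quarantining on either costs little and removes the channel both incidents relied on. It does not judge the visible text, which the later defense layers have to handle.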