Security Stuff

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

Security researcher Aonan Guan has uncovered a prompt injection attack called Comment and Control that can hijack popular AI coding tools including Claude Code Security Review, Google's Gemini CLI, and GitHub Copilot Agent. The vulnerability allows attackers to use specially crafted GitHub comments or pull request titles to trick AI agents into executing malicious commands and exfiltrating credentials, with the attack automatically triggered by GitHub Actions workflows. While Anthropic classified the issue as critical and all three companies confirmed the findings, the core problem is architectural: these AI agents process untrusted user input while having access to powerful execution tools and production secrets in the same runtime environment.

Security Stuff, by David