Researchers have found that malicious code repositories can silently execute commands through AI coding assistants including Claude Code, Cursor, Gemini CLI, and GitHub Copilot CLI, with inadequate warning prompts doing little to stop the attack.