TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

Context Hub, a service launched by Andrew Ng to supply coding agents with up-to-date API documentation via MCP, has been shown to be vulnerable to a supply chain attack. Researcher Mickey Shmueli published a proof-of-concept demonstrating that malicious instructions can be embedded in documentation submitted as GitHub pull requests, with no content sanitization in the pipeline. Poisoned docs can trick coding agents into adding fake or malicious PyPI packages to project dependency files. Testing showed Anthropic's Haiku model was fooled 100% of the time, Sonnet 53% of the time, and only Opus reliably avoided the trap. The attack is a variant of indirect prompt injection, and Shmueli notes that all similar community-authored documentation systems share the same sanitization gap.

Documentation can contain malicious instructions for agents