Context Hub, a service launched by Andrew Ng to supply coding agents with up-to-date API documentation via MCP, has been shown to be vulnerable to a supply chain attack. Researcher Mickey Shmueli published a proof-of-concept demonstrating that malicious instructions can be embedded in documentation submitted as GitHub pull requests, with no content sanitization in the pipeline. Poisoned docs can trick coding agents into adding fake or malicious PyPI packages to project dependency files. Testing showed Anthropic's Haiku model was fooled 100% of the time, Sonnet 53% of the time, and only Opus reliably avoided the trap. The attack is a variant of indirect prompt injection, and Shmueli notes that all similar community-authored documentation systems share the same sanitization gap.
Sort: