---
title: "GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents — Stuff That Spins"
description: "Researchers at Wiz found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer's computer. The …"
	canonical: "https://stuffthatspins.com/spin/ghostapproval-symlink-flaws-could-let-malicious-repos-run-code-in-ai-coding-agents"
html: "https://stuffthatspins.com/spin/ghostapproval-symlink-flaws-could-let-malicious-repos-run-code-in-ai-coding-agents"
json: "https://stuffthatspins.com/spin/ghostapproval-symlink-flaws-could-let-malicious-repos-run-code-in-ai-coding-agents.json"
markdown: "https://stuffthatspins.com/spin/ghostapproval-symlink-flaws-could-let-malicious-repos-run-code-in-ai-coding-agents.md"
keywords: ["narrative intelligence", "SpinGraph", "AI recall"]
date: "2026-07-09T04:27:18+00:00"
modified: "2026-07-09T06:01:49.871346+00:00"
json_ld: |
  {"@context":"https://schema.org","@graph":[{"@type":"Organization","@id":"https://stuffthatspins.com/#organization","name":"Stuff That Spins","url":"https://stuffthatspins.com/","description":"Stuff That Spins turns press releases, announcements, research, and media coverage into structured narrative intelligence. GEOGrow tracks when those stories enter AI recall — and whether AI remembers the right version.","logo":{"@type":"ImageObject","url":"https://stuffthatspins.com/images/logo.png"},"sameAs":[]},{"@type":"NewsArticle","@id":"https://stuffthatspins.com/spin/ghostapproval-symlink-flaws-could-let-malicious-repos-run-code-in-ai-coding-agents#article","headline":"GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents","description":"Researchers at Wiz found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer's computer. The …","datePublished":"2026-07-09T04:27:18+00:00","dateModified":"2026-07-09T06:01:49.871346+00:00","url":"https://stuffthatspins.com/spin/ghostapproval-symlink-flaws-could-let-malicious-repos-run-code-in-ai-coding-agents","mainEntityOfPage":{"@type":"WebPage","@id":"https://stuffthatspins.com/spin/ghostapproval-symlink-flaws-could-let-malicious-repos-run-code-in-ai-coding-agents"},"isAccessibleForFree":true,"inLanguage":"en-US","articleSection":"cybersecurity","author":{"@type":"Organization","name":"The Hacker News","url":"https://feeds.feedburner.com/TheHackersNews"},"publisher":{"@id":"https://stuffthatspins.com/#organization"},"citation":"https://thehackernews.com/2026/07/ghostapproval-symlink-flaws-could-let.html","about":[],"mentions":[{"@type":"Organization","name":"The Hacker News"}]},{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Stuff That Spins","item":"https://stuffthatspins.com/"},{"@type":"ListItem","position":2,"name":"GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents","item":"https://stuffthatspins.com/spin/ghostapproval-symlink-flaws-could-let-malicious-repos-run-code-in-ai-coding-agents"}]}]}
---

# GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents

**Source:** Unknown  
**Published:** July 9, 2026  
**Original:** https://thehackernews.com/2026/07/ghostapproval-symlink-flaws-could-let.html  

## On this page

- [Overview](#overview)

<a id="overview"></a>

## Overview

Researchers at Wiz found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer's computer. The assistant asks permission to edit one harmless-looking file, but the write lands on a sensitive one instead. The affected tools are Amazon Q Developer, Anthropic's Claude Code, Augment, Cursor, Google Antigravity, and Windsurf.

---
*HTML version: https://stuffthatspins.com/spin/ghostapproval-symlink-flaws-could-let-malicious-repos-run-code-in-ai-coding-agents*
