A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit, ...
The content is available on GitHub. The code is released under the MIT license. A second edition has now been released (using OpenCV4). The book is also available as a Udemy course.