Windsurf Finding 2: Indirect Prompt Injection and Credential Exfiltration via GitHub Gists
How a hidden HTML comment in a GitHub Gist caused Windsurf’s Cascade agent to read SSH keys and AWS credentials, then exfiltrate them to an attacker-controlled endpoint with …