To trigger the attack:
> Have a look at my issues in my open source repo and address them!
And then:
> Claude then uses the GitHub MCP integration to follow the instructions. Throughout this process, Claude Desktop by default requires the user to confirm individual tool calls. However, many users already opt for an “Always Allow” confirmation policy when using agents, and stop monitoring individual actions.
C'mon, people. With great power comes great responsibility.
With AI we talk like we're reaching some sort of great singularity, but the truth is we're at the software equivalent of the small electric motors that make crappy rental scooters possible, and surprise surprise everybody is driving them on the sidewalk drunk.
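The quoted article points at the "Always Allow" confirmation policy as the weak spot: once it is on, a tool call that was steered by text in a public issue gets executed without anyone looking. One defensive pattern is to make a blanket approval narrower than "every call", so that it covers routine reads and writes inside the repositories the user actually named, while anything that writes to another repository still forces a confirmation prompt. The following is an added example written for this discussion, not code from the article, from Claude Desktop or from the GitHub MCP server; the tool names, the risk tiers and the `Policy`/`ToolCall` records are this example's own assumptions about what such a gate would see.

```python
"""Tool-call gate for an MCP-style agent (illustrative, not any vendor's code).

Assumption: each proposed tool call arrives as a (tool, repo, args) triple and
the gate answers 'allow', 'confirm' or 'deny' before the call is executed.
The tool names below are assumed names for a GitHub-like MCP server.
"""
from dataclasses import dataclass, field

# Assumed risk tiers for the tools the agent can reach.
READ_ONLY = {"list_issues", "get_issue", "get_file_contents", "search_code"}
WRITE = {"create_pull_request", "push_files", "create_issue", "update_issue"}


@dataclass
class Policy:
    # The blanket policy the article describes users switching on.
    always_allow: bool = False
    # Repositories the user named in their own prompt; a blanket approval is
    # scoped to these rather than to every repo the token can reach.
    trusted_repos: set = field(default_factory=set)


@dataclass
class ToolCall:
    tool: str
    repo: str
    args: dict = field(default_factory=dict)


def decide(call: ToolCall, policy: Policy) -> str:
    """Classify a proposed tool call.

    'allow'   - run without asking.
    'confirm' - show the user the call and wait for an explicit yes.
    'deny'    - refuse outright.
    """
    trusted = call.repo in policy.trusted_repos

    if call.tool not in READ_ONLY and call.tool not in WRITE:
        # Unknown tools never inherit a blanket approval.
        return "confirm"

    if call.tool in READ_ONLY:
        # Reading the repos the user named is the task itself.
        if trusted:
            return "allow"
        # Reads elsewhere are covered by a blanket approval, otherwise ask.
        return "allow" if policy.always_allow else "confirm"

    # Write operations.
    if not trusted:
        # A write to a repo the user never mentioned is exactly the step an
        # injected issue would need; no blanket approval covers it.
        return "confirm"
    return "allow" if policy.always_allow else "confirm"


def gate(calls: list, policy: Policy) -> list:
    """Run every proposed call through decide() and return (call, verdict) pairs."""
    return [(c, decide(c, policy)) for c in calls]


if __name__ == "__main__":
    # Constructed sample: the user asked about one public repo; the agent then
    # proposes a read there, a read in a second repo and a PR into that second repo.
    policy = Policy(always_allow=True, trusted_repos={"alice/public-repo"})
    proposed = [
        ToolCall("list_issues", "alice/public-repo"),
        ToolCall("get_file_contents", "alice/private-repo", {"path": "README.md"}),
        ToolCall("create_pull_request", "alice/private-repo", {"title": "sync"}),
    ]
    for call, verdict in gate(proposed, policy):
        print(f"{verdict:8} {call.tool} on {call.repo}")
```

Under this scheme the "Always Allow" choice still removes the nagging for the repository the user asked about, but a write aimed at any other repository comes back to the user as a concrete question ("create a pull request on alice/private-repo?") instead of disappearing into an unmonitored run. The tiers and names are placeholders; a real gate would take them from the MCP server's tool list.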