{"data":{"id":"ac806a23-4aa4-4f48-9d27-ca0de94aad65","title":"'TrustFall' Convention Exposes Claude Code Execution Risk","summary":"A security issue called 'TrustFall' allows malicious code repositories to execute code in Claude Code, Cursor CLI (a code editor tool), Gemini CLI, and CoPilot CLI (command-line interfaces for AI coding tools) with little or no user action needed, because the warning messages shown to users are minimal and easy to ignore. This means an attacker could potentially run harmful code on a developer's computer without much effort.","solution":"N/A -- no mitigation discussed in source.","labels":["security","safety"],"sourceUrl":"https://www.darkreading.com/application-security/trustfall-exposes-claude-code-execution-risk","publishedAt":"2026-05-07T13:00:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection"],"issueType":"news","affectedPackages":null,"affectedVendors":["Anthropic","Microsoft"],"affectedVendorsRaw":["Claude Code","Cursor CLI","Gemini CLI","CoPilot CLI","Google Gemini","Microsoft Copilot"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-05-07T13:00:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"plugin","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}