| Title | Kilo Code Kilo Code VS Code Extension 4.86.0 Insecure Permissions |
|---|
| Description | The Kilo Code agent VS Code Extension fails to prevent writes outside of the working directory. This allows for the editing of the `settings.json` file. Through an indirect prompt injection, an attacker can set a user up to have the Kilo Code agent a) modify the settings.json file to whitelist previously unwhitelisted commands b) poison the supply chain via git invocations.
The user falls into this issue when attempting to interact with some untrusted data source, such as a compromised project, or a GitHub issue. |
|---|
| Source | ⚠️ https://mcpsec.dev/advisories/2025-10-02-kilo-code-ai-agent-supply-chain-attack/ |
|---|
| User | echarris128 (UID 91221) |
|---|
| Submission | 10/02/2025 00:55 (9 months ago) |
|---|
| Moderation | 10/07/2025 15:30 (6 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 327382 [Kilo Code up to 4.86.0 Prompt ClineProvider.ts ClineProvider injection] |
|---|
| Points | 20 |
|---|