Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

By focusing on six characteristics, the study claims you could reach "near-perfect accuracy" at detecting AI deepfakes.