Google and Microsoft just published a security skill for AI coding agents. Fixes the browser layer that every vibe-coded app gets wrong by default. Simple installation for Cursor, Claude Code, Copilot, or Windsurf.
https://t.co/H3mRtSasj1
#WebSecurity#VibeCoding#AIAgents
Your AI agent is fast and powerful. But it doesn't have live threat intel on packages installed 5 minutes ago.
You are the last line of defense.
Pin your deps. Audit your installs. Brief your agent.
๐ RT to protect other vibe-coders.
#npm#security#vibecoding#claudecode
๐จ SECURITY ALERT for vibe-coders and AI agent users (Cursor, Claude Code, Copilot, Windsurf):
The mini-shai-hulud supply chain worm is actively spreading through npm.
If your package.json uses ^ or ~ version ranges, you may already be infected.
Thread ๐งต
โ All deps pinned with exact versions
โ package-lock.json committed to git
โ npm audit = 0 HIGH/CRITICAL
โ Agent instructed to audit before installing
โ "overrides" used for any vulnerable transitive deps
โ .env is in .gitignore
Screenshot this. Check it every session.