agent-oversight Prompt Injection in AI Coding Agents: 3 Attack Vectors, 4 Defenses A single PR comment achieves 85% exploit success against Claude Code, Gemini CLI, and GitHub Copilot. Here's the full attack surface and the four-layer defensive stack that actually bounds the damage.