New video is live: “Clinejection: One Misconfigured GitHub Action Can Compromise Your App (Deep Dive & Lessons Learned)”.
In this deep dive, I break down how a single misconfigured GitHub Action, combined with prompt injection and cache poisoning, could escalate into a full supply-chain compromise. It’s a great reminder that AppSec reviews need to go beyond application code and include CI/CD, workflows, caches, and release permissions.
Watch it here: https://youtu.be/JJvSyhIJzYk