Supply-Chain

• Clinejection: How a GitHub Issue Title Took Down a 5 Million User Tool March 5, 2026

  In February 2026, an attacker used a GitHub issue title to hijack Cline's AI triage bot, poison its Actions cache, and publish a malicious npm package to 5 million developers. Every failure point was a documented misconfiguration. This is what went wrong, and what you do differently.