Why coding agents are different
A coding agent may treat project files and issue text as task context. Hidden instructions can influence what the agent edits, runs, uploads, or summarizes.
Where exposure usually appears
Risk often appears in release docs, workflow files, prompt folders, logs, internal runbooks, seed scripts, and markdown instructions that were never written for autonomous tooling.
How CapitalGuard helps
CapitalGuard identifies prompt-injection exposure paths and turns findings into practical policy rules and developer-facing prevention steps.