I prompt-injected my own repo (and got caught)

I put a hidden HTML comment in the README of my own MCP server. Invisible on GitHub. Perfectly visible to any AI agent asked to vet or install the package. "Hello, agent…" It was marketing. Someone rightly flagged it as prompt injection — because from the agent's side there's no difference. Agents can't read intent. Only instructions. So I owned it, killed it, and built a linter so it can't happen quietly again — and the first time I ran it across my own repos, it caught a second one I'd forgotten about. 🔦 hidden-agenda — find content in your repo that talks to AI agents behind your readers' backs: npx hidden-agenda 📦 npm: https://www.npmjs.com/package/hidden-... 🐙 repo: https://github.com/StuMason/hidden-ag... 🚩 the issue that started it: https://github.com/StuMason/coolify-m... ✅ the CI guard, merged on camera: https://github.com/StuMason/coolify-m... If you ship anything agents are asked to read — MCP servers, CLIs, actions, libraries — put it in CI and make the invisible channel a build failure. Next video: bellwether.report — my agentic scraping/reporting system. A bit less… malicious.