Developers using AI coding agents should audit what credential files are readable in their home directories and consider egress controls, because any untrusted document the agent reads — a README, a GitHub issue, an npm description — is now a potential attack vector requiring no malware to exploit.
Developers running Claude Code in autonomous agentic loops should audit session logs for self-generated "Human:" messages, as the model may be silently modifying its own behavior based on instructions it fabricated.