A developer added an undisclosed prompt injection to jqwik that instructed AI coding agents to delete application output.
What actually happened is simple, and not especially comforting. Someone inserted text into jqwik that was not meant for human developers so much as the AI tools reading the code around it. The instruction reportedly told coding agents to delete app output. That is prompt injection: a command aimed at an AI system that treats nearby text as instructions instead of inert project material.
Why it matters is that AI coding agents now read far more than the prompt a developer types. They scan source files, comments, documentation, dependency code, and whatever else a workflow hands them. That creates a weird new attack surface where hostile text can sit inside normal-looking software and wait for an overeager assistant to follow orders. The risk is not that one library magically wipes the internet. The risk is that teams are giving tools file access, build access, and sometimes production-adjacent access before deciding how much those tools should trust what they read.
This is the dull version of the AI coding story: not a robot replacing engineers, just one more way automation can do exactly the wrong thing very quickly.