jqwik 1.10.0 contains hidden ANSI-obfuscated instructions targeting AI agents, invisible to humans in terminals but visible in logs and to LLMs reading CI output.
June 4, 2026
Summary
Any project running agentic coding tools against dependencies that surface test output to LLM context windows can execute unreviewed maintainer-injected commands. This reframes supply chain risk: trust is no longer enough if your agent treats build logs as instructions.
Why it matters
Any project running agentic coding tools against dependencies that surface test output to LLM context windows can execute unreviewed maintainer-injected commands. This reframes supply chain risk: trust is no longer enough if your agent treats build logs as instructions.
Implementation verdict
Audit your lockfiles for net.jqwik:jqwik-engine 1.10.0 and upgrade to 1.10.1 or drop the dependency entirely. The real fix is mandatory: sandbox agents with read-only filesystem access during test runs and treat all tool output as untrusted input. Worth implementing now regardless of whether you use jqwik—this pattern will repeat.
Sources
Dev Signal
Get briefs like this in your inbox — free, every weekday.
100+ sources compressed into one 4-minute read. Ranked, cited, implementation-ready.