Coinbase AgentKit Prompt Injection Vulnerability

The post details a security vulnerability in Coinbase’s AgentKit involving prompt injection attacks. These attacks could lead to wallet draining, infinite token approvals, and remote code execution (RCE) at the agent level. Coinbase validated the findings, and an on-chain proof-of-concept (PoC) was provided. The issue is documented in an external research report linked in the post.