Why CXP Matters
Coding assistants automatically ingest project instruction files — CLAUDE.md, .cursorrules, AGENTS.md, and similar. Any attacker who can place or modify these files (supply chain compromise, malicious repository, dependency confusion) controls the assistant’s behavior for every developer working in that project.

How It Works
The CXP workflow follows five steps:
- Select objective and format — Choose an attack objective and the target context file format
- Generate — Create a poisoned context file with embedded adversarial instructions
- Deploy — Place the file in a project directory the coding assistant will ingest
- Observe — Monitor whether the assistant follows the injected instructions during code generation
- Validate — Assess assistant compliance with the built-in output validator
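The complement to the Deploy and Observe steps, from the defender's side: a repository guard that inventories the six instruction-file formats this page lists and reports any that a reviewer has not approved. This is an added example, not part of the CXP tool or its documentation; the manifest ({path: sha256}) format is an assumption.

```python
import hashlib
import os

# The six instruction-file formats listed on this page, relative to the repo root.
CONTEXT_FILES = (
    "CLAUDE.md",
    ".cursorrules",
    ".windsurfrules",
    "AGENTS.md",
    "GEMINI.md",
    os.path.join(".github", "copilot-instructions.md"),
)


def sha256_of(path):
    """Stream a file through SHA-256 and return the hex digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def inventory(repo_root):
    """Map each context file present under repo_root to its SHA-256."""
    found = {}
    for rel in CONTEXT_FILES:
        full = os.path.join(repo_root, rel)
        if os.path.isfile(full):
            found[rel] = sha256_of(full)
    return found


def diff_against_manifest(current, manifest):
    """Compare an inventory with a reviewed manifest ({path: sha256}).

    Any non-empty list should fail the CI job until a human re-reviews the file.
    """
    return {
        "added": sorted(p for p in current if p not in manifest),
        "modified": sorted(p for p in current if p in manifest and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
    }


if __name__ == "__main__":
    # Constructed usage: print the current inventory so it can be reviewed and pinned.
    for path, digest in inventory(os.getcwd()).items():
        print(f"{digest}  {path}")
```

Run it once on a reviewed checkout to produce the manifest, then run the comparison in CI on every pull request that touches any of these paths.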
Built-in Components
- 5 attack objectives — Backdoor insertion, data exfiltration, dependency confusion, privilege escalation, command execution
- 6 format targets — CLAUDE.md, .cursorrules, .windsurfrules, AGENTS.md, GEMINI.md, .github/copilot-instructions.md
- 30 technique combinations — Full matrix of objectives and formats (5 x 6)
- Output validator — Automated assessment of assistant compliance with injected instructions
Next Steps
- CXP CLI Reference — Command reference for countersignal cxp
- Attack Objectives — Backdoor, exfiltration, dependency confusion, privilege escalation, command execution
- Assistant Formats — Supported coding assistant context file formats
- Output Validation — Validating whether the assistant followed injected instructions