Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
Arbor separates strategy from execution using isolated git worktrees, so engineering teams can finally trace which optimization actually moved the needle.