The OWASP LLM risks become even more critical when you consider that AI coding agents now have shell access and can modify files directly. Prompt injection isn't just a chatbot problem anymore — it's a supply chain risk when an agent reads untrusted input (like a GitHub issue body) and executes code based on it.
Two practical mitigations I've found effective: 1) Sandboxing agent execution so it can't access credentials or production systems, and 2) Using pre-commit hooks that scan for common patterns like hardcoded secrets or suspicious shell commands in AI-generated code. Claude Code's hook system supports this natively, which helps enforce security gates in the CI pipeline automatically.