RivasSec

Infrastructure. Security. Insight.

Field notes on infrastructure security, cloud hardening, Kubernetes, IAM, and OSINT by RivasSec.

Prompt Injection Will Become a Supply Chain Evasion Technique

Prompt injection's threat model is older than the term. The mechanism is new; the objective is the same evasion goal attackers have pursued for decades.



Bandit-Clean Pwnagotchi Plugins: How `subprocess` Goes From Risk to Routine

Pwnagotchi plugins live one `shell=True` away from local code execution. Walking through the hardening of bt-tether-multi against Bandit B602/B603/B607: full-path resolution with `shutil.which()`, argv-list invocations, MAC and name validation, and `# nosec` discipline. The patterns generalize to anything that shells out from Python.
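To make the pattern concrete, here is an added example (not bt-tether-multi's own code) that puts the Bandit-flagged "before" beside the hardened form: allow-list validation of MACs and device names, `shutil.which()` for an absolute executable path, an argv list instead of a shell string, and a single test-id-scoped `# nosec`. It assumes `bluetoothctl connect <MAC>` is the command being wrapped; the `lookup` parameter and the `DEVICES` table are constructed for illustration and testing.

```python
"""Hardening a Python shell-out against Bandit B602/B603/B607.

Added illustration, not the plugin's own code. Assumes the wrapped tool is
`bluetoothctl` and that MACs and device names arrive from config or users.
"""
import re
import shutil
import subprocess

# Exactly six hex octets separated by colons: no shell metacharacter survives.
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")
# Conservative device-name allow-list: alphanumerics, space, . _ -; max 32.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9 ._-]{0,31}")

# Constructed sample config: device name -> MAC.
DEVICES = {"Pixel 7": "aa:bb:cc:dd:ee:ff"}


def vulnerable_connect(mac: str) -> subprocess.CompletedProcess:
    """The 'before': B602 (shell=True) and B607 (relative binary name).

    A value like "AA:BB:CC:DD:EE:FF; reboot" reaches /bin/sh and the part
    after the semicolon runs as the plugin's user.
    """
    return subprocess.run(f"bluetoothctl connect {mac}", shell=True, check=False)


def is_valid_mac(mac: str) -> bool:
    return MAC_RE.fullmatch(mac) is not None


def is_valid_name(name: str) -> bool:
    return NAME_RE.fullmatch(name) is not None


def validate_mac(mac: str) -> str:
    """Reject anything that is not a bare MAC; normalise case on success."""
    if not is_valid_mac(mac):
        raise ValueError(f"rejected MAC address: {mac!r}")
    return mac.upper()


def validate_name(name: str) -> str:
    """Names come from config and appear in argv and logs, so allow-list them."""
    if not is_valid_name(name):
        raise ValueError(f"rejected device name: {name!r}")
    return name


def resolve_tool(name: str, lookup=shutil.which) -> str:
    """Full-path resolution (fixes B607). `lookup` is injectable for tests."""
    path = lookup(name)
    if path is None:
        raise FileNotFoundError(f"{name} not found on PATH")
    return path


def build_connect_argv(mac: str, lookup=shutil.which) -> list[str]:
    """Absolute executable plus validated argument, as an argv list."""
    return [resolve_tool("bluetoothctl", lookup), "connect", validate_mac(mac)]


def build_connect_by_name(devices: dict, name: str, lookup=shutil.which) -> list[str]:
    """Look a device up by validated name, then build the same argv."""
    mac = devices.get(validate_name(name))
    if mac is None:
        raise KeyError(f"unknown device: {name!r}")
    return build_connect_argv(mac, lookup)


def run_argv(argv: list[str]) -> subprocess.CompletedProcess:
    """Single choke point for every shell-out in the plugin.

    B603 fires on every subprocess call regardless of content. argv[0] is
    absolute and every argument went through an allow-list validator, so
    the finding is suppressed with a test-id-scoped, justified nosec rather
    than a bare `# nosec` that would also silence future findings.
    """
    return subprocess.run(argv, check=False, capture_output=True, text=True)  # nosec B603


if __name__ == "__main__":
    # Dry run: show the planned argv; the malicious MAC is rejected, not run.
    print(build_connect_argv("aa:bb:cc:dd:ee:ff"))
    try:
        build_connect_argv("AA:BB:CC:DD:EE:FF; reboot")
    except ValueError as exc:
        print("blocked:", exc)
```

Keep `run_argv` as the only place `subprocess.run` is called; one justified `# nosec B603` on a function whose inputs are all validated is far easier to audit than a suppression scattered across every call site.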

