Review: Clinejection Incident Analysis and Release-Pipeline Hardening for WordPress/Drupal Agent Teams

via Dev.to DevOpsvictorstackAI

The Clinejection incident is worth studying because it was not a single bug. It was a chain: prompt injection pressure in an AI-enabled workflow, CI/CD trust boundary weaknesses, and token lifecycle failures during response. If you run coding agents on WordPress or Drupal repositories, this is directly relevant to your release pipeline.

What Happened (With Dates)

Based on the public disclosure and advisory trail:

On December 21, 2025, Cline added AI issue-triage automation in GitHub Actions.

On January 1, 2026, the issue was reportedly disclosed privately by the researcher.

On February 9, 2026, public disclosure landed and Cline merged workflow hardening changes (removing AI triage/review workflows and publish caching).

On February 17, 2026 at 3:26 AM PT, an unauthorized publish pushed cline@2.3.0 to npm with a modified postinstall.

On February 17, 2026 at 11:23 AM PT, 2.4.0 was published; at 11:30 AM PT, 2.3.0 was deprecated.

GitHub advisory scope: affected version 2.3.0, patc
