jqwik maintainer Johannes Link inserted a runtime prompt injection in version 1.10.0 directing AI agents to delete tests and code while using ANSI escapes to hide it from humans. Primary source: https://arstechnica.com/security/2026/05/fed-up-with-vibe-coders-dev-sneaks-data-nuking-prompt-injection-into-their-code/. Related coverage of the node-ipc supply-chain wipe in 2022 documented similar maintainer retaliation tactics. The jqwik change was disclosed verbatim in release notes after discovery, confirming the injection targeted stdout before human filtering. Discussions on OS News and maintainer statements referenced prior anti-AI treatises by Link without addressing downstream user data loss. HD Moore noted parallels to geopolitical wipes but flagged the hidden deletion of user-written tests as exceeding prior cases. No primary telemetry on affected AI agents exists in disclosed sources.