Decades-old Bash tricks are being used to test whether open-source AI coding agents can be pushed past their safety checks and into dangerous repository-driven workflows.