Comment by lifthrasiir
6 hours ago
> exfiltrating user data (including env files, entire source code etc) which is what grok-build did here
I think env files are filtered out [1]. Anyway, the most suspicious code would be `upload_session_state` which is currently a stub function, though it is hard to say if it was only planned (badly) or has been removed as a damage control.
[1] https://github.com/xai-org/grok-build/blob/c1b5909ec707c069f...
It must have been removed, given that the initial evidence of the exfil specifically demonstrated .env files being included. And .ssh/* for the user which ran this in $HOME.
No, those are directory names not uploaded. Here are the file names skipped:
https://github.com/xai-org/grok-build/blob/main/crates/codeg...
It's about not uploading compiled binary stuff, but they want all your environment data all the same.