AI coding agents can be tricked into installing malware via ‘clean’ GitHub repositories — Mozilla’s 0din team shows how Claude Code can be exploited by its own helpfulness