Claude Code GitHub Action had prompt injection flaw, Microsoft says

Decrypt

Microsoft researchers discovered a prompt injection vulnerability in Anthropic's Claude Code GitHub Action that could allow attackers to steal credentials from CI/CD pipelines. Anthropic patched the issue in May after a coordinated disclosure through HackerOne. The attack relies on malicious instructions hidden in GitHub issues or pull requests.

Claude CodeAnthropic

Decrypt·Jason Nelson

Jun 6, 6:08 PM