Microsoft Warns Claude Code GitHub Action Could Leak CI/CD Workflow Secrets
ID: 0ff86f1a-3517-53f1-bd64-6d608dcd2383
STIX ID: report--0ff86f1a-3517-53f1-bd64-6d608dcd2383
Feed Name: cybersecurityNews.com
**Microsoft reported a prompt-injection vulnerability in Anthropic’s Claude Code GitHub Action that allowed maliciously crafted issue or pull request text to manipulate the AI agent, use the Read tool to access /proc/self/environ, and exfiltrate environment secrets (e.g., ANTHROPIC_API_KEY); Anthropic released a fix in Claude Code v2.1.128 on May 5, 2026.**
