Claude Code GitHub Actions Flaw Exposes Repositories to Full Compromise

ID: 537a53d1-b6d7-5633-af23-b8e521c012f9

STIX ID: report--537a53d1-b6d7-5633-af23-b8e521c012f9

Feed Name: GBHackers

Threat Score: 88/100

Date Published: 2026-06-02

Date Updated: 2026-06-03

Author: Divya

A critical vulnerability in Anthropic’s Claude Code GitHub Actions allowed attackers to bypass permission validation using malicious GitHub Apps and crafted issues. The bypass enabled prompt-injection-style payloads that exfiltrated secrets (including OIDC credentials) and could lead to full repository compromise and downstream supply-chain attacks. Anthropic released fixes (v1.0.94), and researchers reported active exploitation; the vulnerability has a CVSS score of 7.8.
