Securing CI/CD in an agentic world: Claude Code Github action case
ID: 6b52f966-2536-55a8-9f3b-389bc5ad91df
STIX ID: report--6b52f966-2536-55a8-9f3b-389bc5ad91df
Feed Name: Microsoft Security
Date Published: 2026-06-05
Date Updated: 2026-06-06
Author: Microsoft Defender Security Research Team, Dor Edry and Amit Eliahu
Microsoft Threat Intelligence discovered that Anthropic's Claude Code GitHub Action allowed its Read tool to bypass subprocess environment scrubbing and read /proc/self/environ, leaking workflow secrets (e.g., ANTHROPIC_API_KEY) through prompt-injection in untrusted issue/PR content; the flaw could enable supply-chain XSS, credential exfiltration, and automated malicious commits, and was mitigated by Anthropic in Claude Code 2.1.128.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.