// Alert

GitHub threat report

Microsoft Threat Intelligence identified a prompt injection vulnerability in Anthropic's Claude Code GitHub Action that exposed CI/CD workflow secrets. The Read tool lacked proper sandboxing, allowing access to /proc/self/environ and potentially leaking ANTHROPIC_API_KEY and other credentials. Anthropic released version 2.1.128 on June 5, 2026, blocking access to sensitive /proc files. Organizations using Claude Code Action with untrusted GitHub content (issues, pull requests, comments) and secret access should patch immediately.

// Get alerts for GitHub