// GitHubHIGH
Microsoft Threat Intelligence identified a prompt injection vulnerability in Anthropic's Claude Code GitHub Action that exposed CI/CD workflow secrets. The Read tool lacked proper sandboxing, allowing access to /proc/self/environ and potentially leaking ANTHROPIC_API_KEY and other credentials. Anthropic released version 2.1.128 on June 5, 2026, blocking access to sensitive /proc files. Organizations using Claude Code Action with untrusted GitHub content (issues, pull requests, comments) and secret access should patch immediately.
- Securing CI/CD in an agentic world: Claude Code Github action ca(opens in a new tab)
- Claude Code Vulnerability Could Let Attackers Steal Credentials (opens in a new tab)
// Get alerts for GitHub