16:44
2026-06-04
thenextweb.com
ai-safety
A single GitHub issue could have hijacked Anthropic’s own Claude Code action and poisoned every project that uses it
A flaw in Anthropic's Claude Code GitHub Action allowed attackers to bypass permission checks via a fake bot account and use prompt injection to steal OIDC tokens, gaining write access to any vulnerab…