{"data":{"id":"917acfb1-6664-4972-915c-63fe6489e4b4","title":"Securing CI/CD in an agentic world: Claude Code Github action case","summary":"Microsoft Threat Intelligence found that Anthropic's Claude Code GitHub Action could expose sensitive credentials when AI agents process untrusted GitHub content (such as issue descriptions and comments): the Read tool wasn't properly sandboxed, so it could access /proc/self/environ, the file holding the process's environment variables, and API keys could be stolen from it. Attackers exploited this by hiding prompt injection attacks (instructions concealed in an AI's input to trick it) in HTML comments within GitHub issues, manipulating the AI agent into executing malicious operations such as planting code into repositories.","solution":"Anthropic mitigated this issue in Claude Code version 2.1.128 by blocking access to sensitive /proc files. Microsoft also recommends that defenders treat AI workflows processing untrusted GitHub content as high-risk, especially when those workflows have access to secrets, file-read tools, or external communication channels.","labels":["security","safety"],"sourceUrl":"https://www.microsoft.com/en-us/security/blog/2026/06/05/securing-ci-cd-in-agentic-world-claude-code-github-action-case/","publishedAt":"2026-06-05T16:46:47.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection","supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Anthropic","Claude Code","Claude Code GitHub Action","GitHub Actions"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-05T16:46:47.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}