Trusting Claude With a Knife: Unauthorized Prompt Injection to RCE in Anthropic’s Claude Code Action

johnstawinski.com

An external attacker could submit a pull request to any repository using Claude Code Action, wait for a reviewer to trigger the action, and then replace the PR title with a prompt injection payload…