ci/cd

A flawed permission check in Anthropic's Claude Code GitHub Action allowed unauthenticated attackers to use prompt injection via a single crafted GitHub issue to steal CI/CD secrets and push malicious code to any downstream repository. Patched in v1.0.94.