Prompt Injection Flaw in Claude Code Could Expose GitHub Credentials
Microsoft researchers warn that prompt injection attacks could allow hackers to steal credentials from GitHub via AI coding agents.
Microsoft security researchers have identified a vulnerability in Claude Code, an AI-powered coding assistant, that could enable attackers to steal credentials from GitHub repositories through prompt injection attacks.
The flaw exploits how the AI agent interprets user inputs. By embedding malicious instructions in seemingly benign prompts, an attacker could manipulate the agent to access and exfiltrate sensitive tokens stored in CI/CD pipeline configurations.
Potential Impact
- Credentials such as API keys and access tokens could be compromised.
- Attackers could gain unauthorized access to private repositories.
- The vulnerability affects development teams using Claude Code integrated with GitHub.
Microsoft has not yet confirmed a timeline for a fix, but advises developers to review their AI agent configurations and limit permissions for sensitive credentials as a precautionary measure.