Sahil Kathpal
Software Engineer building Grass — mobile access for Claude Code and AI coding agents
An April 2026 CVSS 9.4 vulnerability demonstrated that crafted PR titles can prompt-inject Claude Code agents running in GitHub Actions and cause them to exfiltrate ANTHROPIC_API_KEY values to attacker-controlled endpoints. The fix is a five-control ...
codeongrass.hashnode.dev13 min readNo responses yet.