Trusting Claude With a Knife: Unauthorized Prompt Injection to RCE in Anthropic’s Claude Code Action
An external attacker could submit a pull request to any repository using Claude Code Action, wait for a reviewer to trigger the action, and then replace the PR title with a prompt injection payload, resulting in remote code execution within a privileged GitHub Actions workflow. When does prompt injection matter? In the 2022-era of Large…
Agent of Chaos: Hijacking NodeJS’s Jenkins Agents
When multiple DevOps platforms work together to execute pipelines for a single GitHub repository, it begs the question: Do these platforms get along? Node.js, the most popular JavaScript runtime in the world, uses a set of triplets to execute its CI/CD pipelines: a GitHub App, GitHub Actions workflows, and Jenkins pipelines. Like many children, parenting…
CodeQLEAKED – Public Secrets Exposure Leads to Supply Chain Attack on GitHub CodeQL
A potential supply chain attack on GitHub CodeQL started simply: a publicly exposed secret, valid for 1.022 seconds at a time. In that second, an attacker could take a series of steps that would allow them to execute code within a GitHub Actions workflow in most repositories using CodeQL, GitHub’s code analysis engine trusted by…
John Stawinski IV 