Tag: chatgpt

• June 18, 2026

  Repo-jacking Anthropic’s Claude Community Plugins (And the SHAs That Saved Them)

  Several Claude Community Plugins were vulnerable to repo-jacking. The direct code installation path was mitigated by SHA checks, but Claude Code’s “view plugin UI” feature would redirect users to the repo-jacked repository, opening up a social engineering vector leveraging trusted community plugins. Based on my experience, supply chain and social engineering are the easiest ways…