{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreidapaqax66w7rpg3n4l3wah7hdheraiab5lyqvkcxqjb4dxcgmnjm",
    "uri": "at://did:plc:ghkvexthfanuyq7fb5veq6tw/app.bsky.feed.post/3mni43cxou2c2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreieujylijieghgtpjwug6eubmie3ehug4r6dbuif7sfhiney6du6cm"
    },
    "mimeType": "image/jpeg",
    "size": 424548
  },
  "path": "/2026/06/claude-code-github-action-flaw-let-one.html",
  "publishedAt": "2026-06-04T15:15:26.000Z",
  "site": "https://thehackernews.com",
  "textContent": "A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic's own action repo used the same workflow, a working attack could have pushed malicious code into the action itself and onto the projects downstream that pull it.\n\nRyotaK of GMO",
  "title": "Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories"
}