Microsoft Threat Intelligence researchers identified a prompt injection vulnerability in Claude Code GitHub Action that could potentially allow attackers to access workflow secrets under specific conditions. The vulnerability was responsibly disclosed to Anthropic, which has implemented mitigations; the research is intended to guide developers on securing AI-powered CI/CD workflows.