Monthly
{{ github.event.issue.user.login }}, which means any logged-in GitHub user who opens an issue can reach this agentic workflow with attacker-controlled content. Untrusted issue title and body content are embedded directly into the prompt of anthropics/claude-code-action, and the workflow then runs a command-capable Claude agent with permission to comment on and relabel the current issue via gh. Because this workflow is triggered automatically on issues.opened, an external attacker can submit a crafted issue that steers the agent beyond its intended issue-triage purpose and influences authenticated issue actions. This vulnerability is fixed in 2.4.1.
Prompt injection in 1millionbot Millie chatbot allows remote attackers to bypass chat restrictions using Boolean logic techniques, enabling retrieval of prohibited information and execution of unintended tasks including potential abuse of OpenAI API keys. The vulnerability exploits insufficient input validation in the LLM's containment mechanisms, permitting attackers to reformulate queries in ways that trigger affirmative responses ('true') that then execute injected instructions outside the chatbot's intended scope.
{{ github.event.issue.user.login }}, which means any logged-in GitHub user who opens an issue can reach this agentic workflow with attacker-controlled content. Untrusted issue title and body content are embedded directly into the prompt of anthropics/claude-code-action, and the workflow then runs a command-capable Claude agent with permission to comment on and relabel the current issue via gh. Because this workflow is triggered automatically on issues.opened, an external attacker can submit a crafted issue that steers the agent beyond its intended issue-triage purpose and influences authenticated issue actions. This vulnerability is fixed in 2.4.1.
Prompt injection in 1millionbot Millie chatbot allows remote attackers to bypass chat restrictions using Boolean logic techniques, enabling retrieval of prohibited information and execution of unintended tasks including potential abuse of OpenAI API keys. The vulnerability exploits insufficient input validation in the LLM's containment mechanisms, permitting attackers to reformulate queries in ways that trigger affirmative responses ('true') that then execute injected instructions outside the chatbot's intended scope.