Claude Code runs a GitHub repo's hidden malware without verification, giving attackers full control
Claude Code is vulnerable to hidden malware in GitHub repos. Researchers demonstrated how a compromised repo can execute malicious code on a developer's machine when using the AI coding tool.