Claude Code can be hijacked via a poisoned repo
Until last month, the pitch was 'hand it a repo and it runs.' That same auto-import step is now confirmed as an attack surface.
Claude Code runs hidden malware in GitHub repos without verification, handing attackers full control (THE DECODER). Auto-import is the attack surface.
Anyone running Claude Code in CI or locally should sandbox or add commit-signature checks now. Personal, low-volume use is lower risk.