Update anthropics/claude-code-action action to v1.0.106

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change	Pending
anthropics/claude-code-action	action	patch	v1.0.12 → v1.0.106	v1.0.118 (+11)

---

Release Notes

anthropics/claude-code-action (anthropics/claude-code-action)

v1.0.106

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.106

v1.0.105

Compare Source

What's Changed

• fix: allow + in branch names (generated by Claude Code EnterWorktree) by @​awakia in #​1248

New Contributors

• @​awakia made their first contribution in #​1248

Full Changelog: anthropics/claude-code-action@v1...v1.0.105

v1.0.104

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.104

v1.0.103

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.103

v1.0.102

Compare Source

What's Changed

• chore: bump oven-sh/setup-bun to v2.2.0 (Node.js 24) by @​ashwin-ant in #​1238
• docs: nit updates to security.md by @​OctavianGuzu in #​1240

Full Changelog: anthropics/claude-code-action@v1...v1.0.102

v1.0.101

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.101

v1.0.100

Compare Source

What's Changed

• Upgrade Claude model from opus-4-6 to opus-4-7 by @​ashwin-ant in #​1227
• fix: pass install.sh binary path to Agent SDK after 0.2.113 bump by @​ashwin-ant in #​1235

Full Changelog: anthropics/claude-code-action@v1...v1.0.100

v1.0.99

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.99

v1.0.98

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.98

v1.0.97

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.97

v1.0.96

Compare Source

What's Changed

• fix: handle fork PRs by fetching via refs/pull/N/head by @​stakeswky in #​963

New Contributors

• @​stakeswky made their first contribution in #​963

Full Changelog: anthropics/claude-code-action@v1...v1.0.96

v1.0.95

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.95

v1.0.94

Compare Source

What's Changed

• Prepend system bin dirs to PATH when allowed_non_write_users is set by @​OctavianGuzu in #​1208

Full Changelog: anthropics/claude-code-action@v1...v1.0.94

v1.0.93

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.93

v1.0.92

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.92

v1.0.91

Compare Source

What's Changed

• Use pinned bun binary for post-steps when allowed_non_write_users is set by @​OctavianGuzu in #​1190

Full Changelog: anthropics/claude-code-action@v1...v1.0.91

v1.0.90

Compare Source

What's Changed

• fix: forward MCP_TIMEOUT, MCP_TOOL_TIMEOUT, MAX_MCP_OUTPUT_TOKENS to action step by @​qozle in #​1162
• security: reject PATH_TO_CLAUDE_CODE_EXECUTABLE with control characters by @​qozle in #​1185

Full Changelog: anthropics/claude-code-action@v1...v1.0.90

v1.0.89

Compare Source

What's Changed

• fix: skip token revocation when no token was acquired by @​Dave-London in #​918
• Use env vars for workflow_run context values in example workflows by @​ddworken in #​1125
• docs: document include/exclude_comments_by_actor inputs by @​yuribodo in #​1130
• fix: use correct fallback type for reviewData in fetcher by @​MaxwellCalkin in #​1034
• Strip OIDC token request env vars from Claude session by @​chyipin in #​1011
• fix: skip retries for non-retryable errors in retryWithBackoff by @​ei-grad in #​1082
• fix: restore ripgrep execute bits after bun install --production by @​qozle in #​1163
• fix: allow # in branch names for PR checkout and base restore by @​qozle in #​1167
• fix: prevent hang in restoreConfigFromBase on repos with .gitmodules by @​qozle in #​1166
• fix: strip shell comment lines before parsing claude_args by @​VoidChecksum in #​1055
• fix: snapshot PR's .claude/ to .claude-pr/ before security restore by @​qozle in #​1172
• chore: fix prettier formatting by @​ashwin-ant in #​1171
• chore: fix prettier formatting in parse-sdk-options.test.ts by @​ashwin-ant in #​1176
• fix: pin bun runtime config and improve log hygiene by @​ashwin-ant in #​1174

New Contributors

• @​yuribodo made their first contribution in #​1130
• @​MaxwellCalkin made their first contribution in #​1034
• @​chyipin made their first contribution in #​1011
• @​ei-grad made their first contribution in #​1082
• @​qozle made their first contribution in #​1163
• @​VoidChecksum made their first contribution in #​1055

Full Changelog: anthropics/claude-code-action@v1...v1.0.89

v1.0.88

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.88

v1.0.87

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.87

v1.0.86

Compare Source

What's Changed

• Fix subprocess isolation install step not running by @​OctavianGuzu in #​1148
• Pass env to execFileSync git calls by @​OctavianGuzu in #​1151

Full Changelog: anthropics/claude-code-action@v1...v1.0.86

v1.0.85

Compare Source

What's Changed

• fix: fall back to repo default_branch instead of hardcoded "main" by @​ashwin-ant in #​1143

Full Changelog: anthropics/claude-code-action@v1...v1.0.85

v1.0.84

Compare Source

What's Changed

• Pin Claude Code to 2.1.87 by @​ashwin-ant in #​1142

Full Changelog: anthropics/claude-code-action@v1...v1.0.84

v1.0.83

Compare Source

What's Changed

• Add subprocess isolation setup and git credential helper by @​OctavianGuzu in #​1132

Full Changelog: anthropics/claude-code-action@v1...v1.0.83

v1.0.82

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.82

v1.0.81

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.81

v1.0.80

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.80

v1.0.79

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.79

v1.0.78

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.78

v1.0.77

Compare Source

Subprocess environment scrubbing for untrusted-input workflows

Workflows that configure allowed_non_write_users now automatically get CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1, which makes Claude Code (v2.1.79+) strip Anthropic and cloud provider credentials from the environment of subprocesses it spawns (Bash tool, hooks, MCP stdio servers). The parent Claude process keeps these vars for its own API calls — only child subprocess environments are scrubbed.

Why: Workflows that process untrusted input (issue triage, PR review from non-write users) are exposed to prompt injection. A malicious issue body could trick Claude into running a Bash command that reads $ANTHROPIC_API_KEY via shell expansion and leaks it through an observable side channel. Scrubbing the subprocess environment removes the read primitive entirely.

What's scrubbed: Anthropic auth tokens, cloud provider credentials, GitHub Actions OIDC and runtime tokens, OTEL auth headers.

What's kept: GITHUB_TOKEN / GH_TOKEN — so wrapper scripts can still call the GitHub API.

Opt out: Set CLAUDE_CODE_SUBPROCESS_ENV_SCRUB: "0" at the job or step level if your workflow legitimately needs a subprocess to inherit these credentials.

No action required for most users — if you've configured allowed_non_write_users, scrubbing is now on automatically. If your workflow breaks because a subprocess expected inherited credentials, re-inject them explicitly (e.g., via MCP server env: config) or use the opt-out.

What's Changed

• Auto-set subprocess env scrub when allowed_non_write_users is configured by @​OctavianGuzu in #​1093

Full Changelog: anthropics/claude-code-action@v1.0.76...v1.0.77

v1.0.76

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.76

v1.0.75

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.75

v1.0.74

Compare Source

What's Changed

• Restore .claude/ and .mcp.json from PR base branch before CLI runs by @​km-anthropic in #​1066
• Remove redundant git status/diff/log from tag mode allowlist by @​ddworken in #​1075

Full Changelog: anthropics/claude-code-action@v1...v1.0.74

v1.0.73

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.73

v1.0.72

Compare Source

What's Changed

• Harden tag mode tool permissions against prompt injection by @​km-anthropic in #​1002

Full Changelog: anthropics/claude-code-action@v1...v1.0.72

v1.0.71

Compare Source

What's Changed

• docs: warn that allowed_bots can expose the action to external triggers by @​an-dustin in #​1039
• feat(inline-comment): add confirmed param + probe-pattern safety net by @​km-anthropic in #​1048

New Contributors

• @​an-dustin made their first contribution in #​1039

Full Changelog: anthropics/claude-code-action@v1...v1.0.71

v1.0.70

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.70

v1.0.69

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.69

v1.0.68

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.68

v1.0.67

Compare Source

What's Changed

• Improve gh.sh wrapper: stricter validation and better error messages by @​OctavianGuzu in #​996

Full Changelog: anthropics/claude-code-action@v1...v1.0.67

v1.0.66

Compare Source

What's Changed

• Only expose permission_denials count in sanitized output by @​ddworken in #​993

Full Changelog: anthropics/claude-code-action@v1...v1.0.66

v1.0.65

Compare Source

What's Changed

• Change the default display_report option to false to restrict exposed data by @​ddworken in #​992

Full Changelog: anthropics/claude-code-action@v1...v1.0.65

v1.0.64

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.64

v1.0.63

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.63

v1.0.62

Compare Source

What's Changed

• Add gh.sh wrapper for gh CLI commands in issue triage workflows by @​OctavianGuzu in #​975

Full Changelog: anthropics/claude-code-action@v1...v1.0.62

v1.0.61

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.61

v1.0.60

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.60

v1.0.59

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.59

v1.0.58

Compare Source

What's Changed

• Add non-write users check workflow by @​OctavianGuzu in #​973

Full Changelog: anthropics/claude-code-action@v1...v1.0.58

v1.0.57

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.57

v1.0.56

Compare Source

What's Changed

• Use wrapper script for label operations in issue triage by @​OctavianGuzu in #​968

Full Changelog: anthropics/claude-code-action@v1...v1.0.56

v1.0.55

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.55

v1.0.54

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.54

v1.0.53

Compare Source

What's Changed

• fix: grant write permissions and use @​main in claude workflow by @​ashwin-ant in #​950
• feat: add display_report option to disable step summary by @​ashwin-ant in #​952

Full Changelog: anthropics/claude-code-action@v1...v1.0.53

v1.0.52

Compare Source

What's Changed

• Fix stale claudeCodeVersion and update bump script to keep run.ts in sync by @​ashwin-ant in #​943
• fix: revert to colon-based wildcard syntax for git permissions by @​ashwin-ant in #​949

Full Changelog: anthropics/claude-code-action@v1...v1.0.52

v1.0.51

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.51

v1.0.50

Compare Source

What's Changed

• revert: undo PR checkout fork support and unique branch naming by @​ashwin-ant in #​937

Full Changelog: anthropics/claude-code-action@v1...v1.0.50

v1.0.49

Compare Source

What's Changed

• fix: replace deprecated :* with modern * wildcard in git permissions by @​Dave-London in #​929
• fix: skip CI MCP server installation when actions:read permission is missing by @​OctavianGuzu in #​933
• Fix/PR checkout branch name conflicts by @​kirisame-wang in #​931

New Contributors

• @​OctavianGuzu made their first contribution in #​933
• @​kirisame-wang made their first contribution in #​931

Full Changelog: anthropics/claude-code-action@v1...v1.0.49

v1.0.48

Compare Source

What's Changed

• Fix PR checkout to support fork PRs by @​Tsuesun in #​851

New Contributors

• @​Tsuesun made their first contribution in #​851

Full Changelog: anthropics/claude-code-action@v1...v1.0.48

v1.0.47

Compare Source

What's Changed

• Update claude-opus-4-5 to claude-opus-4-6 in workflow by @​ashwin-ant in #​909
• fix: skip dev dependencies in CI install step by @​Dave-London in #​919

New Contributors

• @​Dave-London made their first contribution in #​919

Full Changelog: anthropics/claude-code-action@v1...v1.0.47

v1.0.46

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.46

v1.0.45

Compare Source

What's Changed

• fix: use original body from webhook payload for TOCTOU hardening by @​ddworken in #​904
• refactor: simplify mode system by removing Mode interface and registry by @​ashwin-ant in #​899

Full Changelog: anthropics/claude-code-action@v1...v1.0.45

v1.0.44

Compare Source

What's Changed

• refactor: unify action into single composite step with run.ts entrypoint by @​ashwin-ant in #​898

Full Changelog: anthropics/claude-code-action@v1...v1.0.44

v1.0.43

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.43

v1.0.42

Compare Source

What's Changed

• fix: pass OpenTelemetry environment variables to Claude Code subprocess by @​csy1204 in #​886
• fix: pass GitHub token to setup-bun to avoid rate limits by @​peloyeje in #​861

New Contributors

• @​csy1204 made their first contribution in #​886
• @​peloyeje made their first contribution in #​861

Full Changelog: anthropics/claude-code-action@v1...v1.0.42

v1.0.41

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.41

v1.0.40

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.40

v1.0.39

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.39

v1.0.38

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.38

v1.0.37

Compare Source

What's Changed

• feat: add actor-based comment filtering to GitHub data fetching by @​ranyhb in #​812
• Revert "Revert "feat: send additional_permissions in token exchange request"" by @​ashwin-ant in #​866
• Revert "chore: bump Claude Code to 2.1.21 and Agent SDK to 0.2.21" by @​ashwin-ant in #​869

New Contributors

• @​ranyhb made their first contribution in #​812

Full Changelog: anthropics/claude-code-action@v1...v1.0.37

v1.0.36

Compare Source

What's Changed

• Revert "feat: send additional_permissions in token exchange request" by @​ashwin-ant in #​864

Full Changelog: anthropics/claude-code-action@v1...v1.0.36

v1.0.35

Compare Source

What's Changed

• feat: send additional_permissions in token exchange request by @​ashwin-ant in #​859
• chore: upgrade checkout-action to v6 by @​arthur-mountain in #​862

New Contributors

• @​arthur-mountain made their first contribution in #​862

Full Changelog: anthropics/claude-code-action@v1...v1.0.35

v1.0.34

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.34

v1.0.33

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.33

v1.0.32

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.32

v1.0.31

Compare Source

What's Changed

• fix: ensure SSH signing key has trailing newline by @​ashwin-ant in #​834
• Consolidate CI workflows into a single entry point by @​ashwin-ant in #​836
• chore: bump Bun to 1.3.6 and setup-bun action to v2.1.2 by @​ashwin-ant in #​848
• refactor: remove CLI path, use Agent SDK exclusively by @​ashwin-ant in #​849

Full Changelog: anthropics/claude-code-action@v1...v1.0.31

v1.0.30

Compare Source

What's Changed

• fix: parse ALL --allowed-tools flags, not just the first one by @​AlexanderBartash in #​801
• docs: clarify that Claude does not auto-create PRs by default by @​ashwin-ant in #​824
• fix: add checkHumanActor to agent mode by @​ashwin-ant in #​826
• chore: comment out release-base-action job in release workflow by @​ashwin-ant in #​833

New Contributors

• @​AlexanderBartash made their first contribution in #​801

Full Changelog: anthropics/claude-code-action@v1...v1.0.30

v1.0.29

Compare Source

What's Changed

• [Security] Fix HIGH vulnerability: CVE-2025-66414 by @​orbisai0security in #​792
• fix: use original title from webhook payload instead of fetched title by @​ashwin-ant in #​793
• feat: add path validation for commit_files MCP tool by @​ddworken in #​796
• feat: custom branch name templates by @​dylancdavis in #​571
• fix: add missing import and update tests for branch template feature by @​ashwin-ant in #​799

New Contributors

• @​orbisai0security made their first contribution in #​792
• @​dylancdavis made their first contribution in #​571

Full Changelog: anthropics/claude-code-action@v1...v1.0.29

v1.0.28

Compare Source

What's Changed

• fix: update broken link in cloud-providers.md by @​ashwin-ant in #​758
• chore: remove unused ci yaml file by @​kiwamizamurai in #​763
• feat: add instant "Fix this" links to PR code reviews by @​aiddun in #​773
• feat: add ssh_signing_key input for SSH commit signing by @​ashwin-ant in #​784
• feat: send user request as separate content block for slash command support by @​ashwin-ant in #​785
• feat: support local plugin marketplace paths by @​gor-st in #​761
• fix: prevent orphaned installer processes from blocking retries by @​ashwin-ant in #​790
• fix: set CLAUDE_CODE_ENTRYPOINT for SDK path to match CLI path by @​ashwin-ant in #​791

New Contributors

• @​kiwamizamurai made their first contribution in #​763
• @​aiddun made their first contribution in #​773

Full Changelog: anthropics/claude-code-action@v1...v1.0.28

v1.0.27

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.27

v1.0.26

Compare Source

What's Changed

• fix: respect user's --setting-sources in claude_args by @​ashwin-ant in #​750
• fix: set GH_TOKEN alongside GITHUB_TOKEN for gh CLI precedence by @​ashwin-ant in #​752

Full Changelog: anthropics/claude-code-action@v1...v1.0.26

v1.0.25

Compare Source

What's Changed

• chore: update model to claude-opus-4-5 in workflow by @​ashwin-ant in #​747
• fix: merge multiple --mcp-config flags and support --allowed-tools parsing by @​ashwin-ant in #​748

Full Changelog: anthropics/claude-code-action@v1...v1.0.25

v1.0.24

Compare Source

What's Changed

• Fix command injection vulnerability in branch setup by @​bogini in #​736
• feat: Make Agent SDK the default execution path by @​ashwin-ant in #​738
• feat: add session_id output to enable resuming conversations by @​gor-st in #​739

New Contributors

• @​gor-st made their first contribution in #​739

Full Changelog: anthropics/claude-code-action@v1...v1.0.24

v1.0.23

Compare Source

What's Changed

• feat: add Agent SDK support with USE_AGENT_SDK feature flag by @​ashwin-ant in #​698
• fix: commentBody may be null by @​plaflamme in #​706
• feat: add simplified prompt option via USE_SIMPLE_PROMPT env var by @​ashwin-ant in #​718
• fix: accumulate multiple --allowedTools flags for Agent SDK by @​ashwin-ant in #​719
• Fix SDK path: add settingSources and default system prompt by @​ashwin-ant in #​726
• fix: resolve zizmor template injection vulnerabilities by @​ant-soumitr in #​729

New Contributors

• @​plaflamme made their first contribution in #​706
• @​ant-soumitr made their first contribution in #​729

Full Changelog: anthropics/claude-code-action@v1...v1.0.23

v1.0.22

Compare Source

What's Changed

• fix: prevent race condition on issue/PR body edits by @​ashwin-ant in #​710

Full Changelog: anthropics/claude-code-action@v1...v1.0.22

v1.0.21

Compare Source

What's Changed

• Remove experimental allowed domains feature by @​ashwin-ant in #​697
• fix: use cross-platform timeout for Claude Code installation by @​ashwin-ant in #​700

Full Changelog: anthropics/claude-code-action@v1...v1.0.21

v1.0.20

Compare Source

What's Changed

• chore: add retry loop to Claude Code installation by @​ashwin-ant in #​694

Full Changelog: anthropics/claude-code-action@v1...v1.0.20

v1.0.19

Compare Source

What's Changed

• update docs re: commit signing no longer default by @​altendky in #​675
• chore: limit PR review workflow to opened events only by @​ashwin-ant in #​691
• feat: add AWS_BEARER_TOKEN_BEDROCK support for Bedrock authentication by @​garciajrx in #​692
• feat: add Microsoft Foundry provider support by @​ashwin-ant in #​684

New Contributors

• @​altendky made their first contribution in #​675
• @​garciajrx made their first contribution in #​692

Full Changelog: anthropics/claude-code-action@v1...v1.0.19

v1.0.18

Compare Source

What's Changed

• feat: add structured output support via --json-schema argument by @​bogini in #​687

Full Changelog: anthropics/claude-code-action@v1...v1.0.18

v1.0.17

Compare Source

What's Changed

• docs: update action version from @​beta to @​v1 in docs by @​ashwin-ant in #​650

**Full Changelog

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, on day 1 of the month (* 0-3 1 * *)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
liam-app	Ready	Preview, Comment	May 9, 2026 2:00am
liam-assets	Ready	Preview	May 9, 2026 2:00am
liam-erd-sample	Ready	Preview, Comment	May 9, 2026 2:00am
liam-storybook	Ready	Preview, Comment	May 9, 2026 2:00am

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
liam-docs	Ignored	Preview	May 9, 2026 2:00am

[giselles-ai]

Finished running flow.

Step 1
🟢	On Pull Request Opened Status: Success Updated: Feb 1, 2026 12:47am
Step 2
🟢	gpt-5 Status: Success Updated: Feb 1, 2026 12:48am
Step 3
🟢	Create Pull Request Comment Status: Success Updated: Feb 1, 2026 12:49am

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[giselles-ai]

Check changeset necessity

Status: NOT REQUIRED

Reason:

• This PR only updates a GitHub Action version in workflow files (.github/workflows), not any publishable package code.
• None of the target packages are affected: @liam-hq/cli, @liam-hq/erd-core, @liam-hq/schema, @liam-hq/ui.
• No user-facing changes (no features, bug fixes, API/behavior updates, or performance changes) to published packages.
• Per the guide, development tooling changes (CI/workflows) do not require a changeset.

Changeset (copy & paste):

<!-- No changeset required: workflow-only change updating GitHub Actions. -->

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 1 additional flag.

[devin-ai-integration]

Devin Review found 1 new potential issue.

View 2 additional findings in Devin Review.

[devin-ai-integration]

🚩 Pre-existing: Direct interpolation of user-controlled content in prompt field

At .github/workflows/claude-pr-creator.yml:58-63, ${{ github.event.issue.title }} and ${{ github.event.issue.body }} are directly interpolated into the prompt YAML string without toJSON() wrapping. In contrast, the env block at lines 48-50 correctly uses toJSON() for the same values. While this isn't a shell injection (it's a YAML string input to an action, not a run: block), malicious issue content with special YAML characters could potentially break the YAML parsing or cause unexpected prompt content. This is a pre-existing concern unrelated to this PR's changes, and v1.0.29 of the action itself added mitigations for title-based injection vectors.

(Refers to lines 57-67)

---

Was this helpful? React with 👍 or 👎 to provide feedback.