Internal SDK/Telemetry Code Leaking Into User Message Context

Resolved 💬 4 comments Opened Jan 7, 2026 by Millsondylan Closed Feb 21, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Description
Internal OpenTelemetry SDK code is being injected into the user message context, causing message truncation and exposing internal implementation details.
Environment
Platform: macOS (darwin)
OS Version: Darwin 25.2.0
Date: 2026-01-07
Model: claude-opus-4-5-20251101
Working Directory: /Volumes/Code_system/Users/ai/Ai_support
Steps to Reproduce
Open Claude Code in VSCode extension environment
Select lines 1-70 from a file (in this case, ai/instructions/CLAUDE.md)
Submit a message
Expected Behavior
The message should contain only the user's selected text and their input.
Actual Behavior
The message context was polluted with ~50,000+ characters of minified OpenTelemetry SDK JavaScript code, including:

ATTR_JVM_MEMORY_TYPE=WR.ATTR_JVM_MEMORY_POOL_NAME=WR.ATTR_JVM_GC_NAME=WR.ATTR_JVM_GC_ACTION=WR.ATTR_HTTP_ROUTE=WR.ATTR_HTTP_RESPONSE_STATUS_CODE=WR.ATTR_HTTP_RESPONSE_HEADER=WR.ATTR_HTTP_REQUEST_RESEND_COUNT=WR.ATTR_HTTP_REQUEST_METHOD_ORIGINAL=WR.HTTP_REQUEST_METHOD_VALUE_TRACE=WR.HTTP_REQUEST_METHOD_VALUE_PUT...
The corrupted data includes:
OpenTelemetry semantic convention constants (ATTR_TELEMETRY_SDK_NAME, ATTR_SERVICE_NAME, etc.)
HTTP attribute definitions
JVM memory/thread state values
SignalR transport values
Database system constants
Metric definitions (METRIC_HTTP_SERVER_REQUEST_DURATION, METRIC_DOTNET_GC_COLLECTIONS, etc.)
Resource detection code (machine ID readers for darwin/linux/freebsd/win32)
Process detector implementations
The message was truncated with: [Message truncated - exceeded 50,000 character limit]
Sample of Corrupted Data

WR.ATTR_TELEMETRY_SDK_VERSION=XVD.VERSION}});var
G__=V((fX)=>{Object.defineProperty(fX,"__esModule",{value:!0});fX.SDK_INFO=fX.otperformance=fX._globalThis=fX
.getStringListFromEnv=fX.getNumberFromEnv=fX.getBooleanFromEnv=fX.getStringFromEnv=void 0;var
s9R=vo9();Object.defineProperty(fX,"getStringFromEnv",{enumerable:!0,get:function(){return
s9R.getStringFromEnv}});
Security Concern
This appears to leak internal SDK implementation details and bundled dependency code to the model context, which:
Wastes context tokens
Exposes internal architecture
May contain version information useful for targeting vulnerabilities

What Should Happen?

Claude tui should open.

Error Messages/Logs

Steps to Reproduce

Run Claude

Claude Model

None

Is this a regression?

Yes, this worked in a previous version

Last Working Version

_No response_

Claude Code Version

2.0.76 (Claude Code)

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

Terminal.app (macOS)

Additional Information

_No response_

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗