[BUG] <system-reminder> can read sensitive selected text from .env files, no hooks available to protect our files

Resolved 💬 3 comments Opened Jan 23, 2026 by harli91 Closed Feb 27, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

sensitive selected text is available to claude

What Should Happen?

sensitive selected text should not be available to claude

Error Messages/Logs

Steps to Reproduce

  1. create .env file
  2. open the file in a ide
  3. add sensitive content to .env and then select it
  4. open claude
  5. ask it what is the value of the text that its selected
  6. it will display the sensitive value

Claude Model

None

Is this a regression?

Yes, this worked in a previous version

Last Working Version

_No response_

Claude Code Version

2.1.17 (Claude Code)

Platform

Anthropic API

Operating System

Windows

Terminal/Shell

PowerShell

Additional Information

_No response_

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗