Trust verification inconsistency: git repos auto-trusted despite potentially containing sensitive files
Resolved 💬 3 comments Opened Jan 23, 2026 by bonobonohu Closed Jan 23, 2026
Summary
Claude Code's trust verification system has an inconsistency: it asks for trust confirmation in non-git directories but auto-trusts git repositories. This assumption that git repos are "safe" is flawed.
Problem
Git repositories often contain sensitive files that are .gitignore'd:
.envfiles with API keys and secrets- Database files (
.sqlite, etc.) - Private keys and certificates
- Local configuration with credentials
- Other sensitive data explicitly excluded from version control
The fact that a directory is a git repo does not mean Claude Code can do no harm there. Claude Code could:
- Read sensitive
.gitignore'd files - Accidentally modify or delete them
- Expose secrets in conversation context
Current Behavior
- Git repo directory: No trust confirmation required
- Non-git directory: Trust confirmation required every session, with no "Trust Always" option
Suggested Improvements
- Consistent trust verification: Ask for trust regardless of git status, or provide clearer reasoning for the distinction
- "Trust Always" option: Allow users to permanently trust specific directories via a prompt option
- Configurable trust rules: Allow users to configure trusted directories in
settings.json - Consider
.gitignore'd files: The presence of.gitignoreentries could indicate sensitive files that warrant extra caution, not less
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗