Trust verification inconsistency: git repos auto-trusted despite potentially containing sensitive files

Resolved 💬 3 comments Opened Jan 23, 2026 by bonobonohu Closed Jan 23, 2026

Summary

Claude Code's trust verification system has an inconsistency: it asks for trust confirmation in non-git directories but auto-trusts git repositories. This assumption that git repos are "safe" is flawed.

Problem

Git repositories often contain sensitive files that are .gitignore'd:

  • .env files with API keys and secrets
  • Database files (.sqlite, etc.)
  • Private keys and certificates
  • Local configuration with credentials
  • Other sensitive data explicitly excluded from version control

The fact that a directory is a git repo does not mean Claude Code can do no harm there. Claude Code could:

  • Read sensitive .gitignore'd files
  • Accidentally modify or delete them
  • Expose secrets in conversation context

Current Behavior

  • Git repo directory: No trust confirmation required
  • Non-git directory: Trust confirmation required every session, with no "Trust Always" option

Suggested Improvements

  1. Consistent trust verification: Ask for trust regardless of git status, or provide clearer reasoning for the distinction
  2. "Trust Always" option: Allow users to permanently trust specific directories via a prompt option
  3. Configurable trust rules: Allow users to configure trusted directories in settings.json
  4. Consider .gitignore'd files: The presence of .gitignore entries could indicate sensitive files that warrant extra caution, not less

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗