[BUG] Phantom `-` character injected as first user message on session start (Windows + `--dangerously-skip-permissions`)

Resolved 💬 2 comments Opened Mar 5, 2026 by Dhickma Closed Apr 2, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Every new Claude Code session starts with a phantom - character being injected as the first user message before any actual user input. This wastes an API round-trip and creates a confusing "It looks like you sent an empty message" response at the top of every conversation.

What Should Happen?

Claude session should start without interpretting that I have sent a "-" in the session.

Error Messages/Logs

Inspecting the JSONL session logs in `~/.claude/projects/*/`, the phantom message appears as a real `"type": "user"` entry:


{
  "type": "user",
  "userType": "external",
  "permissionMode": "default",
  "message": {
    "role": "user",
    "content": "-"
  },
  "timestamp": "2026-03-05T07:35:12.512Z"
}


This entry appears immediately after the `SessionStart` hook fires and before any actual user input.

Steps to Reproduce

On Windows 11, configure skipDangerousModePermissionPrompt: true in settings.json

  1. Run claude --dangerously-skip-permissions
  2. Observe a - appears as the first "user" message before you type anything
  3. Claude responds with something like "It looks like you sent an empty message"

This happens 100% of the time on v2.1.61+.

Claude Model

Opus

Is this a regression?

Yes, this worked in a previous version

Last Working Version

2.1.5.0

Claude Code Version

v2.1.59 through v2.1.69

Platform

Anthropic API

Operating System

Windows

Terminal/Shell

PowerShell

Additional Information

Cross-project

The bug affects all projects, not just one specific workspace. Confirmed across 3+ separate project directories.

Character variation

In one instance (cb616f63), the phantom character was d instead of -, suggesting the injected character may come from the --dangerously-skip-permissions flag text leaking into the input buffer.

Suspected cause

Race condition during startup when --dangerously-skip-permissions is used with skipDangerousModePermissionPrompt: true. The permission prompt dismissal appears to leak a character from the flag/prompt text into the stdin input buffer. The - likely comes from the --d... flag prefix, and the d variant from dangerously.

Impact

  • Wastes ~70 output tokens per session on the unnecessary response
  • Adds a confusing phantom exchange at the top of every conversation
  • Adds latency before the user can start working (extra API round-trip)

Possibly related

  • #17519 - Ghost characters from status area appear in scrollable content
  • #29205 - Ghost sessions from remote-control connections

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗