[BUG] Phantom `-` character injected as first user message on session start (Windows + `--dangerously-skip-permissions`)
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
Every new Claude Code session starts with a phantom - character being injected as the first user message before any actual user input. This wastes an API round-trip and creates a confusing "It looks like you sent an empty message" response at the top of every conversation.
What Should Happen?
Claude session should start without interpretting that I have sent a "-" in the session.
Error Messages/Logs
Inspecting the JSONL session logs in `~/.claude/projects/*/`, the phantom message appears as a real `"type": "user"` entry:
{
"type": "user",
"userType": "external",
"permissionMode": "default",
"message": {
"role": "user",
"content": "-"
},
"timestamp": "2026-03-05T07:35:12.512Z"
}
This entry appears immediately after the `SessionStart` hook fires and before any actual user input.
Steps to Reproduce
On Windows 11, configure skipDangerousModePermissionPrompt: true in settings.json
- Run
claude --dangerously-skip-permissions - Observe a
-appears as the first "user" message before you type anything - Claude responds with something like "It looks like you sent an empty message"
This happens 100% of the time on v2.1.61+.
Claude Model
Opus
Is this a regression?
Yes, this worked in a previous version
Last Working Version
2.1.5.0
Claude Code Version
v2.1.59 through v2.1.69
Platform
Anthropic API
Operating System
Windows
Terminal/Shell
PowerShell
Additional Information
Cross-project
The bug affects all projects, not just one specific workspace. Confirmed across 3+ separate project directories.
Character variation
In one instance (cb616f63), the phantom character was d instead of -, suggesting the injected character may come from the --dangerously-skip-permissions flag text leaking into the input buffer.
Suspected cause
Race condition during startup when --dangerously-skip-permissions is used with skipDangerousModePermissionPrompt: true. The permission prompt dismissal appears to leak a character from the flag/prompt text into the stdin input buffer. The - likely comes from the --d... flag prefix, and the d variant from dangerously.
Impact
- Wastes ~70 output tokens per session on the unnecessary response
- Adds a confusing phantom exchange at the top of every conversation
- Adds latency before the user can start working (extra API round-trip)
Possibly related
- #17519 - Ghost characters from status area appear in scrollable content
- #29205 - Ghost sessions from remote-control connections
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗