.aiignore file restrictions not being enforced - sensitive files still accessible [Claude Code]
Resolved 💬 3 comments Opened Jul 17, 2025 by utsav91092 Closed Aug 20, 2025
Description:
The .aiignore file is not properly restricting access to sensitive files.
Steps to reproduce:
- Create .aiignore file with pattern:
**/application*.properties - Use Read tool to access application.properties files
- Files are readable despite being in .aiignore
Expected behavior:
Files matching .aiignore patterns should be blocked from Read tool access
Actual behavior:
Read tool can access files that should be restricted, exposing sensitive configuration data like API keys etc
Security impact:
High - allows access to sensitive configuration files containing API keys etc
This is a security issue that should be prioritized since it defeats the purpose of the .aiignore file.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗