Privilege escalation with Claude Code GitHub Actions?

Resolved 💬 6 comments Opened Jul 17, 2025 by xingao267 Closed Jan 6, 2026

I'm following https://docs.anthropic.com/en/docs/claude-code/github-actions#manual-setup to try out the Claude Code with GitHub Actions. When I install the Claude app, it requests the following permissions on my repos, which seems reasonable.

**Read** access to metadata
**Read** and **write** access to code, issues, and pull requests

I wonder do you plan to add new required permissions to the app overtime? For repo users who have the permission to launch GitHub Actions, they will be able to act as the app installation and inherit the permissions that the Claude app has. If the set of permissions of the app later becomes broader than the set of permissions that the users themselves have, how can I prevent my repo users who did not have those permissions from “getting” them through launching Claude Code GitHub Actions?

View original on GitHub ↗

This issue has 6 comments on GitHub. Read the full discussion on GitHub ↗