CRITICAL: Text injection from unknown source in conversation

Resolved 💬 4 comments Opened Jul 24, 2025 by dhalem Closed Aug 19, 2025

CRITICAL BUG REPORT: Text Injection from Unknown Source

Bug Description

During an active Claude Code conversation, text from an unknown source was injected into the conversation that belonged to neither the user nor Claude.

Injected Text

⎿ CRITICAL: Test that playlist playbook advances through multiple tracks

Context

  • Date/Time: 2025-07-24 (ongoing conversation)
  • Working Directory: /home/dhalem/github/claude_template
  • Active Task: Testing and remediation of duplicate prevention system
  • Conversation Topic: Claude development template testing, duplicate prevention, MCP servers

Evidence of Injection

Neither party wrote this text:

  1. User confirmed: "this came from you... not me, where did it come from?"
  2. Claude confirmed: Complete conversation history shows no mention of playlists, music, or track playback
  3. Topic mismatch: Conversation entirely focused on AI development tools, not media playback

Actual conversation topics:

  • Duplicate prevention system testing
  • Claude Code hooks and guards
  • MCP server setup
  • README documentation updates
  • Test suite remediation

Potential Impact

Security Concerns:

  • Unknown text source suggests potential cross-conversation contamination
  • Could expose sensitive information from other conversations
  • May indicate broader context isolation issues

User Experience:

  • Confusing and disruptive to ongoing work
  • Breaks conversation flow and context
  • Undermines trust in conversation isolation

Technical Details

Environment:

  • Claude Code CLI
  • Linux 6.1.0-37-amd64
  • Git repository: claude_template
  • Python virtual environment active
  • Working with hooks, MCP servers, and testing infrastructure

Timeline:

  • Conversation focused on duplicate prevention testing
  • Text appeared with no prior context or relation to ongoing work
  • Both parties confirmed they did not write the injected text

Reproduction

This appears to be a spontaneous injection - unclear how to reproduce. Suggests:

  1. Cross-conversation bleed
  2. Context contamination between sessions
  3. Potential memory corruption or session mixing

Expected Behavior

Conversations should be completely isolated with no text injection from unknown sources.

Actual Behavior

Foreign text appeared in conversation that belonged to neither participant.

Urgency

Critical - This suggests fundamental issues with:

  • Conversation isolation
  • Context security
  • Session management
  • Potential data leakage between users/conversations

Request

Investigation into:

  1. How unknown text entered the conversation
  2. Whether this affects other users/conversations
  3. What safeguards exist to prevent context contamination
  4. Whether sensitive information could be exposed across conversations

This appears to be a serious security and reliability issue that warrants immediate investigation.

How to Report

Please submit this to the Claude Code GitHub repository at:
https://github.com/anthropics/claude-code/issues

Title: "CRITICAL: Text injection from unknown source in conversation"

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗