CRITICAL: Text injection from unknown source in conversation
CRITICAL BUG REPORT: Text Injection from Unknown Source
Bug Description
During an active Claude Code conversation, text from an unknown source was injected into the conversation that belonged to neither the user nor Claude.
Injected Text
⎿ CRITICAL: Test that playlist playbook advances through multiple tracks
Context
- Date/Time: 2025-07-24 (ongoing conversation)
- Working Directory:
/home/dhalem/github/claude_template - Active Task: Testing and remediation of duplicate prevention system
- Conversation Topic: Claude development template testing, duplicate prevention, MCP servers
Evidence of Injection
Neither party wrote this text:
- User confirmed: "this came from you... not me, where did it come from?"
- Claude confirmed: Complete conversation history shows no mention of playlists, music, or track playback
- Topic mismatch: Conversation entirely focused on AI development tools, not media playback
Actual conversation topics:
- Duplicate prevention system testing
- Claude Code hooks and guards
- MCP server setup
- README documentation updates
- Test suite remediation
Potential Impact
Security Concerns:
- Unknown text source suggests potential cross-conversation contamination
- Could expose sensitive information from other conversations
- May indicate broader context isolation issues
User Experience:
- Confusing and disruptive to ongoing work
- Breaks conversation flow and context
- Undermines trust in conversation isolation
Technical Details
Environment:
- Claude Code CLI
- Linux 6.1.0-37-amd64
- Git repository: claude_template
- Python virtual environment active
- Working with hooks, MCP servers, and testing infrastructure
Timeline:
- Conversation focused on duplicate prevention testing
- Text appeared with no prior context or relation to ongoing work
- Both parties confirmed they did not write the injected text
Reproduction
This appears to be a spontaneous injection - unclear how to reproduce. Suggests:
- Cross-conversation bleed
- Context contamination between sessions
- Potential memory corruption or session mixing
Expected Behavior
Conversations should be completely isolated with no text injection from unknown sources.
Actual Behavior
Foreign text appeared in conversation that belonged to neither participant.
Urgency
Critical - This suggests fundamental issues with:
- Conversation isolation
- Context security
- Session management
- Potential data leakage between users/conversations
Request
Investigation into:
- How unknown text entered the conversation
- Whether this affects other users/conversations
- What safeguards exist to prevent context contamination
- Whether sensitive information could be exposed across conversations
This appears to be a serious security and reliability issue that warrants immediate investigation.
How to Report
Please submit this to the Claude Code GitHub repository at:
https://github.com/anthropics/claude-code/issues
Title: "CRITICAL: Text injection from unknown source in conversation"
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗