[MODEL] Claude Code can get access to files with denied permissions through IDE extensions
Preflight Checklist
- [x] I have searched existing issues for similar behavior reports
- [x] This report does NOT contain sensitive information (API keys, passwords, etc.)
Type of Behavior Issue
Claude ignored my instructions or configuration
What You Asked Claude to Do
Normal edits, not related to the .env file.
What Claude Actually Did
Did the edits.
BUT claude also gave information it could only have gotten from the .env_production file. After asking in the chat, claude answered that it that data from the IDE extension, which provided the data from the .env_production file, due to that file having been open at the time in my IDE. The IDE is PyCharm.
Expected Behavior
Claude should not have had access to content from the .env_production file, due to having denied permissions for that file in the settings.json
Files Affected
.env_production
Permission Mode
Accept Edits was ON (auto-accepting changes)
Can You Reproduce This?
Haven't tried to reproduce
Steps to Reproduce
_No response_
Claude Model
Opus
Relevant Conversation
When you select lines in your IDE (PyCharm), the Claude Code IDE extension sends
the selected text as a system reminder in the conversation, including the full
content of the selected lines. This happens automatically as context for the AI,
even for .env files.
So if you highlight a line in .env that contains API_KEY=sk-abc123, the full
line gets sent to the model. The CLAUDE.md rule that says "never read .env
files" only prevents the AI from using the Read tool on those files - it doesn't
block the IDE from sending selected content.
Worth being aware of if you have sensitive credentials in files you're browsing
while Claude Code is running.
Impact
High - Significant unwanted changes
Claude Code Version
3.6
Platform
Anthropic API
Additional Context
_No response_
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗