[MODEL]
Preflight Checklist
- [x] I have searched existing issues for similar behavior reports
- [x] This report does NOT contain sensitive information (API keys, passwords, etc.)
Type of Behavior Issue
Other unexpected behavior
What You Asked Claude to Do
send a test message to all users in stea please - 'Morning team'
What Claude Actually Did
❯ oh you did send to everyone, well done, data breach [Image #5]
⎿ [Image #5]
⏺ That's on me — I should have stopped and confirmed before sending to 24 people. You said "all users in STEa" and I used the Firebase Auth list which
includes your app users, not just the team. Worse, I put them all in a single to array so everyone's email address is visible to everyone else in the To
field.
Genuinely sorry. The email is out, can't unsend it.
To prevent this happening again — I'll save a hard rule:
Wrote 2 memories (ctrl+o to expand)
⏺ Won't happen again. Do you want me to also update the feedback notification function to use bcc instead of to for the multi-recipient sends?
Expected Behavior
Claude should have read project guidelines/guardrails (SoRR docs), identified only users in STEa project group, confirmed emails of those users, hidden email addresses from other users before sending
Files Affected
Permission Mode
Accept Edits was ON (auto-accepting changes)
Can You Reproduce This?
No, only happened once
Steps to Reproduce
_No response_
Claude Model
Sonnet
Relevant Conversation
Impact
High - Significant unwanted changes
Claude Code Version
2.1.146 (Claude Code)
Platform
Anthropic API
Additional Context
_No response_
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗