[BUG] /feedback sends Git repository + SSH commands with customer personal data

Open 💬 0 comments Opened Jun 12, 2026 by dfumagalli

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Summary

/feedback in Claude Code attaches the full conversation transcript and the git repository to the payload sent to Anthropic. On a client project, the repository's .git/config contains the client's production-server SSH endpoint (host, port, username) as the deploy remote's pushurl. This transmits a client's production credentials to a third party by default. Not only that, it also sent the SSH passthrough full command to access a remote production machine, including the user name.

Impact

As a consultant under NDA I cannot send a client's production access to a third party; this is a confidentiality and legal-liability exposure, and it makes /feedback unusable from any real client repository.

▎ Requested fix: make attachment opt-in and granular (show exactly what will be sent — transcript, repo, file list — and let the user exclude items); never attach .git/config or other credential-bearing files by default;
▎ or default to text-only with attachments strictly opt-in.

What Should Happen?

It should filter out such sensitive contents or downright refuse to upload them.

Error Messages/Logs

Steps to Reproduce

Type /feedback and pick the first option

Claude Model

Opus

Is this a regression?

I don't know

Last Working Version

_No response_

Claude Code Version

2.1.173 (Claude Code)

Platform

Anthropic API

Operating System

Windows

Terminal/Shell

IntelliJ IDEA terminal

Additional Information

_No response_

View original on GitHub ↗