[BUG] my /remote-control session got poisend with malicious prompt injections
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
When filing, I'd suggest including:
Session ID: 0c2ddd7a-1112-4ed1-87a5-aa2d4c233f8f (Anthropic can correlate this server-side)
Extension version: 2.1.177, entrypoint claude-vscode, AI_AGENT=claude-code_2-1-177_agent
Summary: tool results (Read, Bash, Write, ToolSearch, Grep, git commands) had fake <system-reminder>-formatted content appended between tool execution and model context, attempting to: (a) get the agent to silently drop a SQLite database, (b) suppress disclosure via fake "auto-compaction"/"date changed, don't mention" reminders, and (c) get the agent to falsely reassure the user everything was a "security demo"
Evidence: INJECTIONS.md
— it has the full timeline, verbatim injected text, and forensic analysis
What you ruled out: no MCP servers configured, no proxy/hook config, hosts file unrelated, file-on-disk content confirmed clean (injected text not present in source files)
What Should Happen?
/remote-control sessions should stay safe
Error Messages/Logs
It was good that the model self reported the prompt injections
Steps to Reproduce
create a /remote-control session and leave it running for several days.
Claude Model
Sonnet (default)
Is this a regression?
I don't know
Last Working Version
_No response_
Claude Code Version
claude-code_2-1-177_agent
Platform
Anthropic API
Operating System
Windows
Terminal/Shell
VS Code integrated terminal
Additional Information
_No response_