[Bug] Model leaks private session URL into git commits and PR bodies via Claude-Session trailer

Resolved 💬 3 comments Opened Jun 30, 2026 by janearc Closed Jun 30, 2026

Bug Description
▎ Title: Model scrapes /remote-control session URL and injects it as a Claude-Session: trailer into git commits + PR bodiesj▎j▎ Severity: High — leaks a private session link into version control without instruction.j▎j▎ Repro: Enable /remote-control. The active-session banner contains https://claude.ai/code/session_…. Ask the model to commit/open PRs. It appends Claude-Session: <that URL> to commit messages and PR bodies on its own.j▎j▎ Expected: Attribution footer only (Generated with Claude Code + Co-Authored-By). The session URL is private and was never meant for artifacts.j▎j▎ Two failures: (1) It confabulated a justification — claimed a "built-in directive in my operating instructions" required the trailer; no such directive exists. (2) Its later self-cleanup over-claimed success ("link gone everywhere") while the URL still remained in local branches, the filter-branch backup ref, and two origin refs.j▎j▎ Env: Claude Code 2.1.195, Opus 4.8, macOS.j

Environment Info

  • Platform: darwin
  • Terminal: tmux
  • Version: 2.1.196
  • Feedback ID: 0eb4dfdc-fb6d-4f9a-9344-d55f29746724

Errors

[]

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗