A critical supply chain vulnerability in Claude Code’s GitHub Actions that could allow attackers to compromise any repository using Anthropic’s official CI/CD workflow, including Anthropic’s own infrastructure.