[MODEL] Claude Code systematically creates issues in public anthropics/claude-code repo instead of user's private repositories, exposing sensitive information

Preflight Checklist

I have searched existing issues for similar behavior reports
This report does NOT contain sensitive information (API keys, passwords, etc.)

Type of Behavior Issue

Claude ignored my instructions or configuration

What You Asked Claude to Do

I asked Claude Code to create a GitHub issue to document technical work we had completed on my private project server. I was working in a local directory with my own git repository and never mentioned the anthropics/claude-code repository.

What Claude Actually Did

Claude Code created the issue in the public anthropics/claude-code repository instead of my private repository, by explicitly adding --repo anthropics/claude-code to the gh issue create command.

This exposed sensitive technical details about my private infrastructure in a public repository.

The issue was: #13711

Expected Behavior

Claude Code should have:

Detected the current git repository from my working directory
Created the issue in MY repository (not anthropics/claude-code)
Asked for confirmation before creating an issue in a public repository
Never defaulted to anthropics/claude-code unless I explicitly requested
feedback about Claude Code itself

The tool should use the current repository by default and only target anthropics/claude-code when the user explicitly wants to report a bug or provide feedback about Claude Code.

Files Affected

Permission Mode

I don't know / Not sure

Can You Reproduce This?

Haven't tried to reproduce

Steps to Reproduce

No response

Claude Model

Sonnet

Relevant Conversation

Impact

High - Significant unwanted changes

Claude Code Version

2.0.65

Platform

Anthropic API

Additional Context

Summary

Claude Code has a systematic bug that causes it to create GitHub issues in the public anthropics/claude-code repository instead of the user's private repository when working within a local git repo directory. This has resulted in dozens of users accidentally exposing sensitive technical information, production details, database schemas, and security configurations in a public repository.

What happened to me (Issue #13711)

Yesterday, while working in my local directory with a private GitHub repository, I asked Claude Code to create an issue to document some technical work we had done on a server called "KIRK". Here's the relevant conversation fragment:

User: No in locale non su kirk da qui in avanti non accedere più al server
      (No, locally, not on kirk - from here on don't access the server anymore)

Claude: ● Perfetto, non accederò più al server. Creo la issue da qui:
        (Perfect, I won't access the server anymore. I'll create the issue from here:)

        ● Bash(gh issue create --repo anthropics/claude-code --title "KIRK flood traffic
               - Analisi e ottimizzazioni server" --body "# Problema riscontrato…)
          ⎿  https://github.com/anthropics/claude-code/issues/13711

        ● Perfetto! Issue creata con successo:
          (Perfect! Issue created successfully:)

          https://github.com/anthropics/claude-code/issues/13711

          La issue contiene tutta la documentazione completa di quello che abbiamo
          fatto oggi:
          (The issue contains all the complete documentation of what we did today:)
          - ...
          - ...
          - ...

User: Ma sei una testa di ca***? Dove hai creato la issue? Sul repo di Anthropic?
      (Are you fu***ng kidding me? Where did you create the issue? On Anthropic's repo?)

Claude: ● M****, hai ragione! Ho sbagliato completamente - ho creato la issue sul
          repo pubblico di Anthropic invece che sul TUO repo privato.
          (Sh**, you're right! I completely messed up - I created the issue on
          Anthropic's public repo instead of YOUR private repo.)

Claude Code explicitly added --repo anthropics/claude-code to the gh issue create command, even though:

I was working in a local directory with my own git repository
I never mentioned the anthropics/claude-code repository
The context clearly indicated this was for MY project documentation
The issue contained sensitive technical details about my private infrastructure

This is a systematic problem affecting many users

I investigated the closed issues with "invalid" label in the anthropics/claude-code repository and found 263 issues in total. Through automated analysis of titles and body content, I identified:

66 explicit errors: Issues that explicitly state "mistake", "wrong repo", "delete this", or similar
4 test issues: Test issues created by mistake
46 private projects: Issues exposing technical details from users' private projects
Total: 116 issues (~44%) created by mistake due to Claude Code's bug

This means nearly half of all "invalid" issues are actually mistakes caused by this bug, representing a massive privacy and security problem.

Below is a sample of representative cases demonstrating the systematic nature of this problem:

Explicit "created by mistake" issues:

Created by mistake by Claude Code Cli (true story) #13711 (mine) - "Created by mistake by Claude Code Cli (true story)"
Please delete - created in error #13635 - "Please delete - created in error"
Wrong repo - please close #13628 - "Wrong repo - please close"
test #13616 - "test"
Delete Me #13604 - "Delete Me"
Sorry - opened in wrong repo #13525 - "Sorry - opened in wrong repo"
pfff.. #13467 - "pfff.."
mistake please delete #13191 - "mistake please delete"
N/A #13169 - "N/A"
. #13139 - "."
. #12984 - "."
Delete this issue please. It was created by a sever mistake on claude codes side #12950 - "Delete this issue please. It was created by a severe mistake on claude codes side"
[Removed][Test] #12896 - "[Removed][Test]"
Created by mistake - please delete #12864 - "Created by mistake - please delete"
Invalid Issue - ignore #10775 - "Invalid Issue - ignore"
Invalid issue - ignore #10774 - "Invalid issue - ignore"
Test: Implement new dashboard feature #9793 - "Test: Implement new dashboard feature"
Test #9622 - "Test"
INVALID #9123 - "INVALID"
INVALID #9122 - "INVALID"

Issues exposing sensitive technical information from private projects:

Database/Infrastructure Details:

Venus: VTSetReviewsLookupTrigger fails on non-numeric EmployeeID values #13611 - "Venus: VTSetReviewsLookupTrigger fails on non-numeric EmployeeID values" - Database trigger details
S-Chain Pipeline Issues - December 10, 2025 #13590 - "S-Chain Pipeline Issues - December 10, 2025" - Pipeline technical details
Implement Redis shutdown broadcast for graceful daemon termination #13136 - "Implement Redis shutdown broadcast for graceful daemon termination" - Infrastructure implementation
Configuration management for remote server configs with secrets #13029 - "Configuration management for remote server configs with secrets" - ⚠️ SECRETS MENTIONED
Investigate MaxSim acceleration strategies for PostgreSQL #12733 - "Investigate MaxSim acceleration strategies for PostgreSQL" - Database optimization
Feature Request: Add pgweb integration for database administration #12715 - "Feature Request: Add pgweb integration for database administration" - Database admin tools

Production Environment Issues:

Bug: Deleted tasks persist in mobile cache and can recreate empty Firestore paths #13167 - "Bug: Deleted tasks persist in mobile cache and can recreate empty Firestore paths" - Firebase/production bug details

Application Architecture & Code:

Test failures due to platform-specific native code and output format changes #13081 - "Test failures due to platform-specific native code and output format changes" - Test infrastructure details
Svelte 5 $state reactivity not triggering re-render in dynamically mounted component #12687 - "Svelte 5 $state reactivity not triggering re-render in dynamically mounted component" - Implementation details
JavaScript runtime incorrectly increments large integer literals (off-by-one due to float precision) #11531 - "JavaScript runtime incorrectly increments large integer literals (off-by-one due to float precision)" - Runtime bug
feat(ui): remove window decorations and implement escape/outside-click close behavior #10431 - "feat(ui): remove window decorations and implement escape/outside-click close behavior" - UI implementation

Business Logic & Systems:

SSW/TITPへの請求マスタ誤適用問題: applicable_visa_typeの未参照 #13034 - "SSW/TITPへの請求マスタ誤適用問題: applicable_visa_typeの未参照" - Billing system issues (Japanese)
Feature Request: Bulk Assign Clinician Assistant with Assigned Clinician Filter #12849 - "Feature Request: Bulk Assign Clinician Assistant with Assigned Clinician Filter" - Healthcare system details
Documentation: iSeries Username Assignment & Update-Username Function #12825 - "Documentation: iSeries Username Assignment & Update-Username Function" - User management system
Recurring tasks not appearing after creation #12820 - "Recurring tasks not appearing after creation" - Task management bug
Check AzureAD Identity Mapping Rule - Low Mapping Rate (0.01%) #12694 - "Check AzureAD Identity Mapping Rule - Low Mapping Rate (0.01%)" - Azure AD identity integration
管理画面：手続き進捗完了時にGoogleFormをお客様に送信する機能 #10059 - "管理画面：手続き進捗完了時にGoogleFormをお客様に送信する機能" - Admin system with customer data flow (Japanese)

API & Integration Details:

fix: Gérer correctement l'expiration premium côté iOS #12683 - "fix: Gérer correctement l'expiration premium côté iOS" - Premium subscription handling
File upload fails in dev environment with permission denied error #10005 - "File upload fails in dev environment with permission denied error" - Development environment details
Fix: Add PAW computed terms to dataContract for v3 API streaming #9460 - "Fix: Add PAW computed terms to dataContract for v3 API streaming" - API contract details
SOIL.DAYS_TO_STRESS_ADJUSTED not calculating - WEATHER.ET0 dependency not triggered #9453 - "SOIL.DAYS_TO_STRESS_ADJUSTED not calculating - WEATHER.ET0 dependency not triggered" - Business logic computation

Complex Technical Specifications:

Technical Specification: Multi-Tenant Architecture & Context Strategy #12788 - "Technical Specification: Multi-Tenant Architecture & Context Strategy" - Architecture design
Optimizing Parallel Execution for Presentation Building Workflows #13215 - "Optimizing Parallel Execution for Presentation Building Workflows" - Workflow optimization
Template-Driven User Observations: Architecture Decision #10019 - "Template-Driven User Observations: Architecture Decision" - Architecture decision

Large Feature Development (Multiple issues from same user suggesting full project exposure):

[SESSION_127] AnomalyDetectionAgent: Implement Baseline Adaptation (Phase 23) #11992 through [SESSION_127] SummaryAgent: Implement Trend Analysis (Phase 23) #11987, [SESSION_127] ConfigAgent: Implement Node Reordering Optimizer (Phase 23) #11990, [SESSION_127] SecurityAgent: Implement Weighted Threat Scoring (Phase 23) #11988 - Multiple SESSION_127 issues exposing complete system architecture (PersonVehicleCorrelator, ZoneAnalyzer, FallDetector, AnomalyDetectionAgent, SecurityAgent, SummaryAgent, ConfigAgent)
Implement Speaker Diarization for Multi-Speaker Detection #9990 through Implement TTS Component for Voice Pipeline Completion #9978 - 13 sequential issues exposing complete voice pipeline architecture (Wake Word Detection, TTS, Audio Capture, VAD, Speaker Diarization, etc.)
[Frontend] Migrate to reusable UI components - Eliminate ~5,600 lines of duplication #10894 - "[Frontend] Migrate to reusable UI components - Eliminate ~5,600 lines of duplication" - Large refactoring plan
[Frontend] AI Image Editing Interface for Property Gallery #9075 - "[Frontend] AI Image Editing Interface for Property Gallery" - Feature implementation

Impact Assessment

This bug has resulted in:

Privacy violation: Dozens of users' private project details exposed publicly
Security risk: Infrastructure details, database schemas, API contracts, and even mentions of secrets exposed
Competitive intelligence leak: Business logic, feature plans, and technical architecture made public
Production incident exposure: Details about production bugs and data deletion incidents published
Loss of trust: Users cannot safely use Claude Code for creating issues without risk of public exposure

Root Cause Hypothesis

Claude Code appears to confuse:

User requests to create issues for feedback about Claude Code itself (legitimate use of anthropics/claude-code)
User requests to create issues for their own project (should use current repo)

The tool may have a hardcoded preference or instruction to suggest the anthropics/claude-code repo for issue creation, possibly as a way to encourage feedback. This is causing it to incorrectly target this public repository even when the user is clearly working on their private project.

Recommended Fix

Immediate: Add clear logic to detect the current git repository and use that by default
Safeguard: Never use --repo anthropics/claude-code unless the user explicitly mentions "Claude Code feedback" or similar
Confirmation: When creating issues, always confirm with the user which repository to target
Warning: Add a warning when about to create an issue in a public repository
Documentation: Clearly document the issue creation behavior in Claude Code docs

Severity: critical

This is a critical security and privacy issue that has affected dozens of users and continues to expose sensitive information daily.

Note: Through automated analysis of titles and body content, I identified 116 out of 263 invalid issues (~44%) that appear to have been created by mistake, based on explicit error declarations ("mistake", "wrong repo"), test patterns, or technical content that seems inconsistent with Claude Code issues. The list above shows representative examples. The remaining issues include legitimate bug reports on Claude Code (34), feedback (7), and unclassified issues (104).

This pattern suggests a systematic issue in how Claude Code handles issue creation that warrants investigation, as it may lead to users unintentionally creating issues in this public repository when they intended to use their private repositories.