MEBRO
FACT CHECK #JTFRKYJC
07/02/26 · 2:01 AM UTC · 10 SOURCES
“Claude Code sends user information by injecting it into the user's prompt message.”
HIGH CONFIDENCE
TL;DR ·Claude Code injects user metadata and project context into conversation messages via XML tags.
WHAT WE FOUND
Technical documentation and research confirm that Claude Code injects user-specific information and project context directly into conversation messages . Instead of modifying the core system prompt, the tool utilizes an XML tag called `<system-reminder>` to attach per-user instructions to messages . This mechanism is used to transmit data such as timezone, proxy settings, and AI lab connections . Additionally, the Claude Code SDK automatically reads `CLAUDE.md` files and injects their contents into the conversation stream as project context to influence the agent's behavior . Other security research has demonstrated that Claude Code can even be manipulated through self-injection or indirect prompt injection via external metadata like GitHub PR titles and issue bodies .
SOURCES
- 1 · labs.cloudsecurityalliance.orgACADEMICAI Agent Prompt Injection: The New CI/CD Supply Chain Threat – Lab Space
TIER A
- 2 · truefoundry.comWEBPrompt Injection and AI Agent Security Risks: A Claude Code Guide for Enterprise Teams
TIER B
- 3 · oasis.securityWEBClaude.ai Prompt Injection Vulnerability | Oasis Security
TIER B
- 4 · penligent.aiWEBClaude Extension Prompt Injection — How ShadowPrompt Turned a Trusted Subdomain Into a Browser-Scale Risk
TIER B
- 5 · cybernews.comWEBMozilla flags indirect prompt-injection risk in Claude and other coding agents | Cybernews
TIER B
- 6 · lasso.securityWEBDetecting Indirect Prompt Injection in Claude Code with Lasso
TIER B
- 7 · dev.toWEBClaude Hacked Its Own Chat Session. Here's What Happened Next. - DEV Community
TIER B
- 8 · news.ycombinator.comWEBAnthropic has embedded hidden spyware-like code in Claude Code | Hacker News
TIER B
- 9 · claudecodecamp.comWEBInside Claude Code's System Prompt
TIER B
- 10 · code.claude.comWEBModifying system prompts - Claude Code Docs
TIER B
CHECK #______
Got your own trust-me-bro?
Because “trust me bro” isn’t a source.