Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
The only productivity tool I needed was Claude with folder access ...
Two settings fields, a few minutes, and neither tool agrees with me on autopilot anymore.