From ff82522bc8027a18a05fd085df28f718cee5162e Mon Sep 17 00:00:00 2001
From: David Dworken
Date: Sun, 1 Mar 2026 21:34:57 -0800
Subject: [PATCH 1/2] Change the default `display_report` option to false to restrict exposed data

---
 action.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/action.yml b/action.yml
index 34633cf5a..b7e8ac32d 100644
--- a/action.yml
+++ b/action.yml
@@ -122,9 +122,9 @@ inputs:
 required: false
 default: ""
 display_report:
- description: "Whether to display the Claude Code Report in GitHub Step Summary. Set to 'false' to disable when using custom formatting solutions."
+ description: "Whether to display the Claude Code Report in GitHub Step Summary. Set to 'false' to disable when using custom formatting solutions. WARNING: This outputs Claude-authored content in the GitHub Step Summary, this should only be used in cases where the action is used solely with trusted input."
 required: false
- default: "true"
+ default: "false"
 show_full_output:
 description: "Show full JSON output from Claude Code. WARNING: This outputs ALL Claude messages including tool execution results which may contain secrets, API keys, or other sensitive information. These logs are publicly visible in GitHub Actions. Only enable for debugging in non-sensitive environments."
 required: false

From 8fc4d99c10fa2e751e63096ff0ef4fa0fbe8845f Mon Sep 17 00:00:00 2001
From: David Dworken
Date: Sun, 1 Mar 2026 21:38:22 -0800
Subject: [PATCH 2/2] Update action.yml

Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
---
 action.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/action.yml b/action.yml
index b7e8ac32d..aecd94eee 100644
--- a/action.yml
+++ b/action.yml
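Review bot: In the PATCH 1/2 hunk the `display_report` description still says "Set to 'false' to disable when using custom formatting solutions", which is stale now that the same hunk makes `"false"` the default, and the added "WARNING: This outputs…" reads as if the option always writes to the summary. I would reword the line to `Set to 'true' to write the Claude Code Report to the GitHub Step Summary. WARNING: when enabled, Claude-authored content is rendered in the Step Summary; enable only where the action runs solely on trusted input.` The warning would be easier to act on if it said why trust matters, presumably that the report can echo text or tool results drawn from untrusted issue or PR content. PATCH 2/2 edits this same line and keeps both sentences, so the rewording applies to its new side as well. Since this flips a default, workflows that relied on the summary lose it silently, and a release-note entry telling them to opt in explicitly would help.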
@@ -122,7 +122,7 @@ inputs:
 required: false
 default: ""
 display_report:
- description: "Whether to display the Claude Code Report in GitHub Step Summary. Set to 'false' to disable when using custom formatting solutions. WARNING: This outputs Claude-authored content in the GitHub Step Summary, this should only be used in cases where the action is used solely with trusted input."
+ description: "Whether to display the Claude Code Report in GitHub Step Summary. Set to 'false' to disable when using custom formatting solutions. WARNING: This outputs Claude-authored content in the GitHub Step Summary. This should only be used in cases where the action is used solely with trusted input."
 required: false
 default: "false"
 show_full_output: