Restrict auto-review to non-fork PRs for security

jamesrweb · claude · jamesrweb · commit cf9a6c25eb6b · 2026-04-03T01:08:48.000+02:00
Adds a guard so pull_request_target only triggers when the PR
originates from the same repo, not from forks. This prevents
external contributors from triggering the action with write
permissions and secrets via prompt injection in PR bodies.

Fork PRs can still be reviewed by explicitly assigning claude[bot].

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml
@@ -19,7 +19,7 @@ jobs:
       (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
       (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
       (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude'))) ||
-      (github.event_name == 'pull_request_target')
+      (github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name == github.repository)
     runs-on: ubuntu-latest
     permissions:
       contents: write
