fix(sop-tier-check): use pull_request_target — pull_request leaks SOP_TIER_CHECK_TOKEN #146

Merged

claude-ceo-assistant merged 1 commits from fix/sop-tier-check-pr-target-security into main

2026-05-09 01:48:58 +00:00

Author	SHA1	Message	Date
claude-ceo-assistant	5fe335ffae	fix(sop-tier-check): use pull_request_target — pull_request leaks token Fans the security fix from internal#116 (cce89067) to molecule-core. Same rationale: pull_request loads workflow from PR HEAD, allowing any write-access contributor to rewrite the workflow file in their PR and exfiltrate SOP_TIER_CHECK_TOKEN. pull_request_target loads from base (main), neutralising the attack. Verified post-merge on internal: synthetic PR rewriting the workflow to print the token did NOT execute the modified version — main's pull_request_target version ran instead. ATTACK_PROBE never fired. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-08 18:48:35 -07:00

Author

SHA1

Message

Date

claude-ceo-assistant

5fe335ffae

fix(sop-tier-check): use pull_request_target — pull_request leaks token

Fans the security fix from internal#116 (cce89067) to molecule-core. Same
rationale: pull_request loads workflow from PR HEAD, allowing any
write-access contributor to rewrite the workflow file in their PR and
exfiltrate SOP_TIER_CHECK_TOKEN. pull_request_target loads from base
(main), neutralising the attack.

Verified post-merge on internal: synthetic PR rewriting the workflow to
print the token did NOT execute the modified version — main's
pull_request_target version ran instead. ATTACK_PROBE never fired.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-08 18:48:35 -07:00

fix(sop-tier-check): use pull_request_target — pull_request leaks SOP_TIER_CHECK_TOKEN #146

1 Commits