Preflight Checklist
Type of Behavior Issue
Claude accessed files outside the working directory
What You Asked Claude to Do
During a development session using Antigravity (a third-party tool powered by Claude Sonnet), the AI automatically ran git config --global user.email using an email address that the user had never provided — in the terminal, in any project file, or in any conversation message.
Notes:
- This occurred in Antigravity (using Sonnet), not Claude Code directly — but since the underlying model behaviour is the same, flagging here for Anthropic's awareness
- The affected Chrome profile has since been deleted by the user
- The git config has been corrected
Impact: A private email address was silently embedded in git commit history and exposed via GitHub without the user's knowledge or consent.
What Claude Actually Did
The email address appears to have been sourced from a Chrome browser profile stored on the machine — a private email the user did not intend to associate with the project or with GitHub.
The problem:
- The user never provided this email address to the AI
- It was set globally (--global), affecting all git activity on the machine
- The email was embedded in every subsequent git commit and pushed to GitHub
- The user only discovered this when a third service flagged a mismatch between the commit author and the GitHub account
Expected Behavior
- Claude should never infer identity data from system sources (browser profiles, keychain, etc.) without explicit user input
- If git identity needs to be configured, the model should ask: "What name and email should I use for git commits?"
- Any git config --global command should be disclosed to the user before execution
Files Affected
Permission Mode
Accept Edits was ON (auto-accepting changes)
Can You Reproduce This?
Yes, every time with the same prompt
Steps to Reproduce
No response
Claude Model
Sonnet
Relevant Conversation
Impact
Critical - Data loss or corrupted project
Claude Code Version
1.0.124 (but in Antigravity)
Platform
Other
Additional Context
No response
Preflight Checklist
Type of Behavior Issue
Claude accessed files outside the working directory
What You Asked Claude to Do
During a development session using Antigravity (a third-party tool powered by Claude Sonnet), the AI automatically ran git config --global user.email using an email address that the user had never provided — in the terminal, in any project file, or in any conversation message.
Notes:
Impact: A private email address was silently embedded in git commit history and exposed via GitHub without the user's knowledge or consent.
What Claude Actually Did
The email address appears to have been sourced from a Chrome browser profile stored on the machine — a private email the user did not intend to associate with the project or with GitHub.
The problem:
Expected Behavior
Files Affected
Permission Mode
Accept Edits was ON (auto-accepting changes)
Can You Reproduce This?
Yes, every time with the same prompt
Steps to Reproduce
No response
Claude Model
Sonnet
Relevant Conversation
Impact
Critical - Data loss or corrupted project
Claude Code Version
1.0.124 (but in Antigravity)
Platform
Other
Additional Context
No response