If you’re letting Claude code just handle secrets like this you’re already fucked from a security standpoint so I don’t really see the big deal here
replyToday it was the Vercel plugin but if you’re letting an LLM agent with access to bash and the internet read truly sensitive information then you’re already compromised