EPISODE · Jul 13, 2026 · 3 MIN
Claude Code Plugin Security: Fixing Shell Injection
from The Claude Code Changelog · host Jellypod, Inc.
This episode breaks down the breaking changes in Claude Code 2.1.207, including why raw template strings in custom hooks were removed and how shell-injection attacks can happen through plugin configs. It also covers the safer migration paths with exec-form arrays and CLAUDE_PLUGIN_OPTION_ environment variables, plus the new decision to ignore local repository config files for plugin resolution.
What this episode covers
This episode breaks down the breaking changes in Claude Code 2.1.207, including why raw template strings in custom hooks were removed and how shell-injection attacks can happen through plugin configs. It also covers the safer migration paths with exec-form arrays and CLAUDE_PLUGIN_OPTION_ environment variables, plus the new decision to ignore local repository config files for plugin resolution.
NOW PLAYING
Claude Code Plugin Security: Fixing Shell Injection
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Mar 19, 2026 ·34m
Feb 18, 2026 ·11m
Feb 11, 2026 ·45m