Thursday, 16 April

  • If you use Claude Code Security Review, Gemini CLI Action, or GitHub Copilot as GitHub Actions: researchers hijacked all three via prompt injection in PR titles — exfiltrating API keys and access tokens. Anthropic patched but published no advisory, so users pinned to old versions are still vulnerable. Update to latest versions and restrict Actions to run on trusted PRs only. https://www.theregister.com/2026/04/15/claude_gemini_copilot_agents_hijacked/

1. Claude Code desktop redesign: multi-session sidebar, integrated terminal, in-app file editing

  • Anthropic shipped a major Claude Code desktop overhaul with side-by-side multi-session support, a built-in terminal, file editor, HTML/PDF preview, faster diff viewer, and drag-and-drop panel layout. Existing CLI plugins work unchanged — no migration needed.
  • Source: r/ClaudeCode
  • Why it matters: Run parallel Claude sessions on different parts of your codebase without juggling terminal tabs — the multi-session sidebar is the killer feature for anyone running agents alongside manual work.
  • Verified

2. Claude Code adds /recap, slash-command discovery via Skill tool, and 1-hour prompt caching

  • New /recap command generates a session summary when you return after being away. The model can now discover and invoke built-in commands like /init and /review autonomously. ENABLE_PROMPT_CACHING_1H opts you into 1-hour cache TTL across API key, Bedrock, Vertex, and Foundry.
  • Source: GitHub releases
  • Why it matters: Run /recap after any break instead of re-explaining context. Set ENABLE_PROMPT_CACHING_1H=1 in your env to cut repeat-context costs on long sessions.
  • Verified

3. Opus 4.7 and an AI design tool reportedly shipping this week

  • The Information reports Anthropic is preparing Claude Opus 4.7 alongside a new tool for building websites and presentations. Unconfirmed — no official announcement. Figma, Adobe, and Wix stocks reacted to the report. Polymarket has active prediction markets.
  • Source: The Information
  • Why it matters: If real, Opus 4.7 could land any day. Watch claude --version and Anthropic's blog — you'll want to benchmark against 4.6 immediately.
  • Unconfirmed

  • GenericAgent — Self-evolving agent framework in ~3K lines of code. Solves a task, auto-crystallises the execution path into a reusable skill. Supports Claude, Gemini, and other models. The more you use it, the smarter it gets — zero manual skill authoring. | git clone https://github.com/lsdefine/GenericAgent && cd GenericAgent && pip install -e . | https://github.com/lsdefine/GenericAgent

Review this GitHub Actions workflow file for
prompt injection risks. For each step that
reads user-controlled input (PR titles, issue
bodies, comments, branch names), check whether
that input flows into an AI agent's context
without sanitisation. Flag any step where an
attacker could craft input that changes the
agent's behaviour, exfiltrates secrets, or
runs arbitrary commands. Output a numbered list
of vulnerabilities with severity and a
concrete fix for each.

Audit your CI pipelines after today's report on AI agent credential theft via GitHub Actions. Use in Claude Code or Chat — paste your workflow YAML. Source: Inspired by Johns Hopkins research on agent hijacking | https://www.theregister.com/2026/04/15/claude_gemini_copilot_agents_hijacked/
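
A static first pass over the same question the prompt asks, as an added example that is not from the newsletter or the cited research: it flags attacker-controlled GitHub context expressions in a workflow file and rates them higher when the file also combines a risky trigger with secrets. The sample workflow, the action name example-org/ai-review-action and the two-level severity rule are assumptions made for illustration.

```python
import re

# GitHub context fields an outside contributor controls: PR titles, issue
# bodies, comments and branch names, as listed in the audit prompt.
UNTRUSTED = re.compile(
    r"\$\{\{\s*(github\.(?:head_ref|event\.(?:"
    r"pull_request\.(?:title|body|head\.ref)"
    r"|issue\.(?:title|body)|comment\.body)))\s*\}\}"
)
# Triggers that run with repository secrets on input from untrusted users.
RISKY_TRIGGER = re.compile(r"\b(pull_request_target|issue_comment)\b")
SECRET = re.compile(r"\$\{\{\s*secrets\.\w+\s*\}\}")

# Constructed sample; example-org/ai-review-action is a placeholder name.
SAMPLE = """\
on:
  pull_request_target:
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: AI review
        uses: example-org/ai-review-action@v1
        with:
          prompt: "Review PR titled ${{ github.event.pull_request.title }}"
          api_key: ${{ secrets.AI_API_KEY }}
      - name: Label
        run: echo "branch ${{ github.head_ref }}"
"""

def audit(workflow_text):
    """Return [(line_no, expression, severity)] for untrusted interpolations.

    Severity is "high" when the file also uses a risky trigger and references
    a secret, since injected text then runs next to live credentials.
    """
    exposed = bool(RISKY_TRIGGER.search(workflow_text)
                   and SECRET.search(workflow_text))
    severity = "high" if exposed else "medium"
    return [(no, m.group(1), severity)
            for no, line in enumerate(workflow_text.splitlines(), 1)
            for m in UNTRUSTED.finditer(line)]

if __name__ == "__main__":
    for no, expr, sev in audit(SAMPLE):
        print(f"line {no}: {expr} [{sev}]")
```

This only sees input interpolated with `${{ }}` in the YAML; an action that fetches the PR title through the API on its own will not show up here and still needs the manual review the prompt describes.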