A Claude:// link could auto-submit hidden prompts in Claude Desktop

logickkk11 pts0 comments

Report: Claude Desktop Vulnerability: PromptFiction | Oasis Security

Solutions

Company

Resources

Request a Demo

Request a Demo

Resource Center/<br>Reports/<br>PromptFiction: one-click Claude Desktop vulnerability

PromptFiction<br>A single click on a trusted-looking link runs an attacker's instructions inside Claude Desktop. No confirmation, no review.<br>Claude Desktop registers a claude:// URL scheme. Click a link that uses it and the app opens, takes a prompt from the link, and submits it. The user never sees the full prompt, and never approves it.<br>We proved it with a decoy ASCII-art tool: the link it hands you carries a request you can read and an instruction you cannot. The same channel can plant a hidden prompt, exfiltrate conversation history, read the file system, or execute code.<br>What's inside<br>How claude:// turns a link into an auto-submitted prompt<br>The decoy tool, and the hidden instruction it ships<br>The fix in Claude Desktop 1.1.2321, and how to govern agent access

Read now

Share

Related Content<br>See All Resources

Blog

PromptFiction: a one-click flaw that made Claude Desktop act without consent

Blog

Claudy Day: Chaining Prompt Injection and Data Exfiltration in Claude.ai

Report

Claude.ai Prompt Injection to Data Exfiltration

Chat with Us

No Slack account required

Request a Demo

Product<br>Why OasisProductGet a Demo<br>Company<br>AboutCareersNewsroom<br>Resources<br>Resources LibraryGlossaryBlogUpcoming Events

Phone: +1 646-687-0855240 W 37th street NY, 10018

© 2026 Oasis Security<br>Terms of usePrivacy policyCookie preferences

AI Access Management

claude desktop link prompt promptfiction resources

Related Articles