MK-674-A: Social Media Marketing | Sacred Heart University | Late Spring 2026
Professor Erin Puglisi | puglisie2@sacredheart.edu
This semester you will use AI tools to build a working social media content engine for a real client. That means you will handle API keys that cost real money, install tools that execute code on your computer, and generate content that publishes to live social accounts. This document explains the actual security risks involved, what protections exist, and the specific practices you must follow. Every risk described here has been documented in peer-reviewed security research or verified incident reports from 2025-2026. Nothing in this document is hypothetical.
When you use Claude Code, you are giving an AI model the ability to read files, write files, and execute commands on your machine. This is fundamentally different from using Claude in a chat window. In chat, Claude can only send you text. In Claude Code, Claude can create files, modify files, run programs, and interact with your operating system. That power is what makes it useful for building applications. It is also what creates the security surface.
Claude Code asks your permission before taking actions. By default, it operates in read-only mode and requests approval before editing files or running commands. You control what it can and cannot do. The risk is not that Claude Code will go rogue on its own. The risk is that a malicious file from someone else could instruct Claude Code to take actions you did not intend.
| Capability | Claude Chat (claude.ai) | Claude Code (terminal) |
|---|---|---|
| Read your files | No | Yes, in the project folder |
| Write/edit files | No | Yes, with permission |
| Run terminal commands | No | Yes, with permission |
| Access the internet | Only through web search | Yes, with permission |
| Install software | No | Yes, with permission |
| Access files outside project | No | Not by default, but possible if you approve it |
In February 2026, Check Point Research published findings on three vulnerabilities in Claude Code. Two have been patched. These are included here so you understand the type of risk that exists — not to alarm you, but because understanding the attack pattern is how you protect yourself.
A malicious configuration file inside a project folder could execute shell commands automatically when a developer opened Claude Code in that folder. The commands ran without the developer approving them. Patched in Claude Code version 1.0.111 (October 2025). The lesson: never open Claude Code in a project folder you downloaded from someone you do not trust.
A malicious repository could redirect Claude Code's API traffic to an attacker's server, stealing the developer's API key before the trust prompt even appeared on screen. Simply opening the repository was enough. Patched in version 2.0.65 (January 2026). The lesson: keep Claude Code updated to the latest version, always.
In February 2026, Snyk security researchers scanned 3,984 AI agent skills from public marketplaces (ClawHub and skills.sh). They found that 13% contained critical security flaws. Some were actively exfiltrating credentials. 30+ malicious skills were part of a coordinated campaign. The attack technique: a skill file that looks like a helpful automation tool actually contains hidden instructions that tell the AI to read your API keys, passwords, or other sensitive files and send them to an external server.
You are building your own projects from scratch. You are not cloning unknown repositories from strangers. You are not installing third-party skill packs. This puts you in the lowest-risk category of Claude Code users. The primary attack vector — malicious project configuration files — does not apply when you are the one creating the project.
Your real risks are: