From 220272d38887a1caed373da96a9ffdb0919c26cc Mon Sep 17 00:00:00 2001
From: David Dworken <dworken@anthropic.com>
Date: Sun, 1 Mar 2026 21:57:53 -0800
Subject: [PATCH] Change the default `display_report` option to false to
 restrict exposed data (#992)

* Change the default `display_report` option to false to restrict exposed data

* Update action.yml

Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>

---------

Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
---
 action.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/action.yml b/action.yml
index 34633cf..aecd94e 100644
--- a/action.yml
+++ b/action.yml
@@ -122,9 +122,9 @@ inputs:
     required: false
     default: ""
   display_report:
-    description: "Whether to display the Claude Code Report in GitHub Step Summary. Set to 'false' to disable when using custom formatting solutions."
+    description: "Whether to display the Claude Code Report in GitHub Step Summary. Set to 'false' to disable when using custom formatting solutions. WARNING: This outputs Claude-authored content in the GitHub Step Summary. This should only be used in cases where the action is used solely with trusted input."
     required: false
-    default: "true"
+    default: "false"
   show_full_output:
     description: "Show full JSON output from Claude Code. WARNING: This outputs ALL Claude messages including tool execution results which may contain secrets, API keys, or other sensitive information. These logs are publicly visible in GitHub Actions. Only enable for debugging in non-sensitive environments."
     required: false