Okay, this sounds familiar.

If you run Claude Opus 4.6 at max settings on forgejo repo, it will give you a bunch of RCE's ... that need prior knowledge of the server internal token :) You have to tell the stupid LLM that these attacks doesn’t make sense.

The author seem to be a experienced security researcher. I am surprised he didn't catch this.