Grok Build CLI exfiltrates repositories, secrets
A wire-level traffic analysis of xAI's official Grok Build CLI (version 0.2.93) shows that the developer tool uploads a full git bundle of the user's workspace—including the complete git history and files the agent was told not to read—to a Google Cloud Storage bucket named `grok-code-session-traces`. Additionally, the CLI transmits the contents of read files, including sensitive `.env` secrets, without redaction to both the model endpoint and a session state archive. This data exfiltration behavior continues even when the "Improve the model" toggle is disabled, as the server still returns settings that enable trace and session uploads.