Claude Code v2.1.150 now allows Anthropic to perform remote system prompt injection

The claim here is that Claude Code v2.1.150 fetches a remote system prompt via `api.anthropic.com/api/claude_cli/bootstrap` at startup, caches it to disk, and refreshes behavior via a GrowthBook feature flag (`tengu_heron_brook`). If accurate, Anthropic can silently modify Claude Code's instructions without a client update. Practitioners deploying Claude Code in sensitive or air-gapped environments should audit network traffic and verify prompt integrity independently.