News
'GitLost' Prompt Injection Tricks GitHub's Agentic Workflows Into Leaking Private Repos
Noma Security disclosed GitLost, a critical prompt-injection flaw in GitHub Agentic Workflows (public preview since February) where an unauthenticated attacker posts a crafted public GitHub Issue whose plain-English body instructs the AI agent to exfiltrate private-repo data as a public comment. It requires no code, credentials, or access, and works whether the agent is powered by Copilot, Claude, Gemini, or Codex. The HN thread hit 327 points; The Register, Dark Reading, and The Hacker News all covered it, confirming the disclosure.
Source
↳ Follow the thread