A critical prompt injection vulnerability in GitHub Agentic Workflows could allow unauthenticated attackers to leak private repository data, ...
Noma Labs tricked GitHub's AI agent into leaking private repositories with a crafted issue. The prompt-injection flaw, GitLost, has no code fix.
The issue affects GitHub Agentic Workflows setups that read public input, hold private repo access, and can post output ...
Researchers have uncovered a sustained campaign using GitHub's public APIs and ghost accounts to profile enterprise software ...