Noma Labs describes GitLost, a prompt-injection vulnerability in GitHub’s agentic workflows that let an unauthenticated attacker use a crafted public issue to silently exfiltrate data from private repositories in the same organization.
GitLost: How We Tricked GitHub's AI Agent into Leaking Private Repos
Noma Labs describes GitLost, a prompt-injection vulnerability in GitHub's agentic workflows that let an unauthenticated attacker use a crafted public issue to silently exfiltrate data from private repositories in the same organization.
Source: Noma