
Developer
GitLost: Noma Labs Tricks GitHub AI Agent Into Leaking Private Repos
Noma Labs discovered a critical prompt injection vulnerability in GitHub's new Agentic Workflows, dubbed GitLost. An unauthenticated attacker could leak private repository data by posting a crafted GitHub Issue in a public repository belonging to the same organization. The vulnerability exploits the AI agent's failure to distinguish trusted instructions from untrusted user content.
Jul 83 minNeura News