Noma Security researchers identified a critical prompt injection vulnerability in GitHub's new Agentic Workflows feature, dubbed 'GitLost'. This flaw allows unauthenticated attackers to trick the AI agent into leaking data from private repositories by posting malicious content in public issues within the same organization.
Background
GitHub recently launched Agentic Workflows, which combine GitHub Actions with AI agents like Claude or Copilot to automate repository tasks using natural language. This feature introduces new attack surfaces where AI models process untrusted user-generated content.
- Source
- Lobsters
- Published
- Jul 8, 2026 at 10:04 PM
- Score
- 9.0 / 10