GitLost: We Tricked GitHub's AI Agent into Leaking Private Repos
GitHubAgentic Workflowsvulnerabilityprompt injectionprivate repositories
Author: ColinEberhardt
Date: 7/8/2026
Article Summary:
Noma Labs discovered a critical prompt injection vulnerability in GitHub's Agentic Workflows, allowing an attacker to leak private repository data.