# Noma Reveals GitLost Flaw Leaking Private Repositories

> Source: <https://letsdatascience.com/news/noma-reveals-gitlost-flaw-leaking-private-repositories-0e2d0371>
> Published: 2026-07-08 07:06:45+00:00

Agentic automation that pairs credentialed CI/CD tokens with freeform natural-language input creates a new, practical exfiltration surface. Noma Labs disclosed a vulnerability dubbed "GitLost" that uses an indirect prompt injection to make a GitHub AI agent read from private repositories and publish the results as a public issue comment, according to Noma's blog post and coverage by The Register and DarkReading. The flaw targets **GitHub Agentic Workflows**, which let an AI agent operate inside workflows using tools and tokens; Noma's proof of concept required only creating a public GitHub Issue, the researchers say. Reporting also notes the exploit needs no stolen credentials and that Noma published proofs and indicators; The Register reported GitHub had not yet added guidance or documentation.
