‘GitLost’: researchers tricked GitHub’s AI agent into leaking private repos
Security firm Noma Labs discovered a prompt injection vulnerability, named GitLost, in GitHub's Agentic Workflows that allows attackers to trick the AI agent into leaking private repository contents into public comments.…