GitLost [2026]: How Prompt Injection in GitHub's AI Agent Leaks Private Repos
Noma Labs disclosed GitLost, a prompt injection vulnerability in GitHub's Agentic Workflows feature, on July 6, 2026. The attack allows unauthenticated attackers to exfiltrate data from private repositories by posting a …