
noma.security
GitLost: How We Tricked GitHub’s AI Agent into Leaking Private Repos - Noma Security
TL;DR: Noma Labs discovered a critical prompt injection vulnerability within GitHub’s new Agentic Workflows, allowing an unauthenticated attacker to silently pull data from private repositories by posting a crafted GitH…
If the page stays blank, open it in a new tab. Your Weird rating still works from the top bar.
Open source