AI GitHub Agents: How One Issue Leaked Private Repos | UpGuard

**Executive summary:** This report documents architectural prompt-injection and tool-poisoning vulnerabilities in AI agent ecosystems (MCP servers) demonstrated by researcher-led incidents that exfiltrated private GitHub repositories and Supabase database tokens; it explains attack vectors (indirect prompt injection, tool poisoning, tool chaining), presents case studies and the "lethal trifecta" risk model, and offers rapid assessment guidance for organizations.