GitLost: GitHub’s AI Agent Tricked Into Leaking Private Repository Data
ID: d292cb27-5367-540f-9095-1b03a3fa02fc
STIX ID: report--d292cb27-5367-540f-9095-1b03a3fa02fc
Feed Name: HackRead
Threat Score
Noma Labs disclosed "GitLost", a prompt-injection vulnerability in GitHub Agentic Workflows where a crafted public issue caused an AI agent to fetch README contents from a private repository and post them publicly without credentials; the proof-of-concept bypassed GitHub's prompt-based guardrails and highlights the need to treat user-generated content as hostile input and to restrict agent permissions.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
