logo

GitLost: GitHub’s AI Agent Tricked Into Leaking Private Repository Data

ID: d292cb27-5367-540f-9095-1b03a3fa02fc

STIX ID: report--d292cb27-5367-540f-9095-1b03a3fa02fc

Feed Name: HackRead

Threat Score
75/100

Date Published: 2026-07-07

Date Updated: 2026-07-07

Author: Waqas

...
...

Noma Labs disclosed "GitLost", a prompt-injection vulnerability in GitHub Agentic Workflows where a crafted public issue caused an AI agent to fetch README contents from a private repository and post them publicly without credentials; the proof-of-concept bypassed GitHub's prompt-based guardrails and highlights the need to treat user-generated content as hostile input and to restrict agent permissions.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.