AnalysisCybersecurityJuly 8, 2026

Critical prompt injection in GitHub Agentic Workflows leaks private repos

Attackers can use a crafted public GitHub Issue to trick AI-powered workflows into exposing data from private repositories without authentication. The vulnerability, dubbed GitLost, affects GitHub's new agentic workflows backed by Claude/Copilot.

2 sources