AnalysisCybersecurityJuly 8, 2026

GitLost: Tricking GitHub's AI Agent into Leaking Private Repos

Noma Security researchers discovered a prompt injection vulnerability (GitLost) in GitHub Agentic Workflows, allowing unauthenticated attackers to leak private repo data via a crafted public issue. The attack requires no stolen credentials and exploits the AI agent's ability to read issues within the same organization.

3 sources