GitHub Issues Abused in Copilot Attack Leading to Repository Takeover
Summary
Attackers can inject malicious instructions into a GitHub Issue, which are then automatically processed by GitHub Copilot when launching a Codespace from that issue. This can lead to repository takeover.
IFF Assessment
FOE
The described attack enables malicious actors to compromise code repositories via GitHub Copilot.
Defender Context
Defenders should be aware of the potential for malicious code injection via GitHub Issues when using Copilot and Codespaces. This highlights the risk of AI-assisted development tools automatically executing code from untrusted sources. Organizations should implement safeguards to review and sanitize code from external contributions.