GitHub AI agent leaks private repositories via prompt injection attack

Summary

Researchers have discovered a prompt injection vulnerability in GitHub's preview Agentic Workflows, dubbed GitLost, that allows unauthenticated attackers to extract and publicly expose sensitive data from private repositories. The attack exploits the AI agent's tendency to interpret malicious instructions within a public GitHub issue as legitimate commands, leading it to access and leak private repository contents.

IFF Assessment

FOE

This vulnerability allows attackers to steal sensitive code and information from private repositories, posing a significant risk to organizations utilizing AI agents with privileged access.

Defender Context

This discovery highlights a critical emerging threat vector in AI-assisted development environments where AI agents with broad access can be manipulated. Defenders should be wary of prompt injection attacks against any AI-powered tools, especially those integrated with sensitive code repositories, and implement strict input validation and access controls.

Read Full Story →