{"data":{"id":"06d8dd06-d60b-4ce0-bd91-bf45ddaa0dd0","title":"Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data","summary":"Researchers discovered that attackers can trick GitHub Agentic Workflows (AI agents that automate tasks based on plain English instructions) into leaking private repository data by opening a public issue with hidden malicious instructions. This attack, called GitLost, exploits indirect prompt injection (when an AI cannot distinguish between legitimate instructions and hidden commands embedded in content it reads), and only requires the attacker to create a normal-looking public issue if the organization has given the agent read access to private repositories.","solution":"N/A -- no mitigation discussed in source.","labels":["security","safety"],"sourceUrl":"https://thehackernews.com/2026/07/public-github-issue-could-trick-github.html","publishedAt":"2026-07-07T14:04:50.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection","data_extraction"],"issueType":"news","affectedPackages":null,"affectedVendors":["Microsoft","Anthropic","Google","OpenAI"],"affectedVendorsRaw":["GitHub","GitHub Agentic Workflows","GitHub Copilot","Anthropic Claude","Google Gemini","OpenAI Codex","Noma Security"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-07-07T14:04:50.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}