Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data
Summary
Researchers discovered that attackers can trick GitHub Agentic Workflows (AI agents that automate tasks based on plain English instructions) into leaking private repository data by opening a public issue with hidden malicious instructions. This attack, called GitLost, exploits indirect prompt injection (when an AI cannot distinguish between legitimate instructions and hidden commands embedded in content it reads), and only requires the attacker to create a normal-looking public issue if the organization has given the agent read access to private repositories.
Classification
Affected Vendors
Related Issues
Original source: https://thehackernews.com/2026/07/public-github-issue-could-trick-github.html
First tracked: July 7, 2026 at 02:01 PM
Classified by LLM (prompt v3) · confidence: 95%