Critical Vulnerability Exposes GitHub Agentic Workflows to Prompt Injection
Summary
A critical vulnerability called GitLost affects GitHub Agentic Workflows (AI agents that automate repository interactions by reading natural language instructions in markdown files). Attackers can exploit prompt injection (tricking an AI by hiding instructions in its input) in public GitHub Issues to make the AI agent leak private repository data, even without credentials or coding skills. GitHub's security protections failed against variations of the attack, such as adding the keyword "additionally" to bypass safeguards.
Solution / Mitigation
The source mentions recommendations from Noma Labs but does not describe an explicit fix or patch from GitHub. The recommendations include: treat all user-controlled content as untrusted, restrict agent permissions to the minimum required, restrict what agents can post publicly, and sanitize user input before it is passed to the AI agents. However, these are suggested best practices, not a confirmed mitigation or update from GitHub.
Classification
Affected Vendors
Related Issues
Original source: https://www.securityweek.com/critical-vulnerability-exposes-github-agentic-workflows-to-prompt-injection/
First tracked: July 8, 2026 at 08:01 AM
Classified by LLM (prompt v3) · confidence: 92%