
GitHub AI Agent Leaks Private Repositories
Noma Labs disclosed GitLost, a July 2026 prompt-injection technique that could make GitHub Agentic Workflows leak private repository contents through a public issue comment. Noma says an unauthenticated attacker only needed to create a plausible issue in a public repository when the workflow's agent had broader repository read access. The Hacker News and The Register describe the issue as an architectural agent-risk pattern rather than a simple patchable bug: untrusted text, private-data access and a public output channel are enough to create an exfiltration path. For teams using GitHub Copilot, Claude or other agents in development workflows, the practical control is tight token scoping, output review and treating issues as hostile input.



















