PromptPwnd Exploits GitHub Actions To Leak Secrets
Researchers on Dec. 6, 2025 disclosed "PromptPwnd," a critical prompt-injection vulnerability targeting AI agents in GitHub Actions and GitLab CI/CD pipelines. The flaw allows attackers to inject malicious prompts via untrusted inputs such as issue titles or pull request bodies, coercing models into executing privileged commands that can leak secrets or alter repository workflows.
Key Points
- Shows PromptPwnd enables prompt-injection into GitHub Actions and GitLab CI/CD AI agents
- Enables attackers to coerce models to execute privileged commands, risking secrets and workflow integrity
- Requires pipeline maintainers to sanitize untrusted inputs and restrict agent permissions immediately
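One way a maintainer could audit a workflow for the pattern described above: issue or pull request text interpolated into an agent prompt, in a job that also holds write permissions. This is an added example, not code from the researchers; the action name, the `prompt` input name and the secret name are hypothetical.

```python
import re

# Real GitHub Actions expressions whose text any issue or PR author controls.
UNTRUSTED = re.compile(
    r"\$\{\{\s*github\.event\.(?:issue|pull_request|comment|review)\.(?:title|body)\s*\}\}")
# Assumption: the agent step reads its instructions from an input named like "prompt".
PROMPT_KEY = re.compile(r"^(\s*)[\w-]*prompt[\w-]*:", re.I)
# Scopes that would let a coerced agent modify the repository or its workflows.
WRITE_SCOPE = re.compile(r"^\s*(?:permissions:\s*write-all|[\w-]+:\s*write)\s*$", re.M)

def audit_workflow(text):
    """Return (line_number, rule, detail) findings for one workflow file's text."""
    findings, prompt_indent = [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        indent = len(line) - len(line.lstrip())
        key = PROMPT_KEY.match(line)
        if key:
            prompt_indent = len(key.group(1))
        elif line.strip() and prompt_indent is not None and indent <= prompt_indent:
            prompt_indent = None  # dedent: the prompt block has ended
        if prompt_indent is not None:
            for expr in UNTRUSTED.findall(line):
                findings.append((lineno, "untrusted-input-in-prompt", expr))
    if findings and WRITE_SCOPE.search(text):
        findings.append((0, "agent-has-write-scope", "set permissions to read-only"))
    return findings

# Constructed workflow; the action name, input names and secret name are hypothetical.
SAMPLE = """\
on: issues
jobs:
  triage:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      issues: write
    steps:
      - uses: example-org/ai-agent-action@v1
        with:
          prompt: |
            Triage this issue and label it.
            Title: ${{ github.event.issue.title }}
            Body: ${{ github.event.issue.body }}
          api-key: ${{ secrets.AGENT_KEY }}
"""

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE):
        print(finding)
```

A finding with line number 0 applies to the workflow as a whole rather than to a single line.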
Scoring Rationale
High practical urgency given CI/CD exposure and researcher proof-of-concept, limited by incomplete evidence of widespread compromise.

