The exploit is aimed at organizations with both public and private GitHub repositories, and relies on prompt injection.
Specifically, it uses indirect prompt injection where malicious instructions are injected into seemingly regular requests.
GitHub's Agentic Workflows introduce LLMs into GitHub Actions, which is how the exploit is enabled.
No comments:
Post a Comment