Friday, 10 July 2026

GitHub's Agentic Workflows in the Crosshairs of GitLost

Noma Security has publicised GitLost, a technique to get GitHub Agentic Workflows to spill private repository data.

The exploit is aimed at organizations with both public and private GitHub repositories, and relies on prompt injection.

Specifically, it uses indirect prompt injection  where malicious instructions are injected into seemingly regular requests.

GitHub's Agentic Workflows introduce LLMs into GitHub Actions, which is how the exploit is enabled.

No comments: