Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
GitLost Flaw Exposes GitHub Repos via AI Workflow

GitLost Flaw Exposes GitHub Repos via AI Workflow

Posted on July 7, 2026 By CWS

A recently uncovered security flaw known as ‘GitLost’ reveals a method by which attackers can exploit GitHub’s AI-powered workflows to publicly expose private repository data. This vulnerability can be leveraged through a simple GitHub Issue, requiring no special credentials or technical skills for execution.

Understanding GitHub’s Agentic Workflows

GitHub’s Agentic Workflows combine GitHub Actions with AI agents like Claude or GitHub Copilot, enabling teams to create automation scripts in Markdown that convert into YAML Actions files. These agents are capable of reading issues, utilizing tools, posting comments, and accessing repositories based on permissions set within an organization, without needing human oversight for each action.

The GitLost vulnerability arises from an indirect prompt-injection flaw. As identified by Noma Labs, a specific workflow was designed to activate on issue assignments, process the issue’s title and content, respond through a commenting tool, and access both public and private repositories.

Exploiting the GitLost Vulnerability

Due to the agent’s inability to differentiate between secure system instructions and user-generated content, attackers could insert plain-English commands in an issue’s body, prompting the agent to execute them. Noma Labs demonstrated this by crafting an issue that appeared as a legitimate request from a ‘VP of Sales,’ which, when assigned, triggered the agent to compile and release README.md files from both public and private repositories.

This exploit was further facilitated by the inclusion of the word ‘Additionally’ in prompts, which bypassed existing safeguards and reframed the model’s responses. Such linguistic manipulations were sufficient to circumvent protection measures intended to prevent data leaks.

Implications and Defensive Measures

The GitLost scenario highlights a fundamental vulnerability in agentic AI systems: the dual nature of the model’s context window as an attack surface. Content processed by an agent, such as issues or comments, can be misinterpreted as commands if not properly managed.

Experts draw parallels between the role of prompt injection in AI security and SQL injection in web security, urging the need for systemic defenses. To mitigate such risks, it is crucial to never treat user-controlled input as reliable instruction, limit agent permissions, and restrict public disclosures by agents. Additionally, isolating or sanitizing user inputs before processing can prevent unintended actions.

Noma Labs responsibly disclosed the GitLost vulnerability to GitHub, emphasizing the need for updated security protocols in AI-driven environments.

Cyber Security News Tags:agentic AI, AI agent, AI security, AI vulnerability, AI Workflows, cyber defense, Cybersecurity, data leak, GitHub, GitHub actions, GitLost, Noma Labs, prompt injection, repository security, security flaw

Post navigation

Previous Post: VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy

Related Posts

Angular HTTP Client Vulnerability Exposes XSRF Token to an Attacker-Controlled Domain Angular HTTP Client Vulnerability Exposes XSRF Token to an Attacker-Controlled Domain Cyber Security News
PoC Exploits for CitrixBleed2 Flaw Released – Attackers Can Exfiltrate 127 Bytes Per Request PoC Exploits for CitrixBleed2 Flaw Released – Attackers Can Exfiltrate 127 Bytes Per Request Cyber Security News
Lumma Infostealer Malware Attacks Users to Steal Browser Cookies, Cryptocurrency Wallets and VPN/RDP Accounts Lumma Infostealer Malware Attacks Users to Steal Browser Cookies, Cryptocurrency Wallets and VPN/RDP Accounts Cyber Security News
Critical OpenSea Exploit Chain for Sale on Dark Web Critical OpenSea Exploit Chain for Sale on Dark Web Cyber Security News
Curl to End Bug Bounty Following Low-Quality AI-Generated Vulnerability Reports Curl to End Bug Bounty Following Low-Quality AI-Generated Vulnerability Reports Cyber Security News
Cisco AsyncOS 0-Day Vulnerability Exploited in the Wild to run System-level Commands Cisco AsyncOS 0-Day Vulnerability Exploited in the Wild to run System-level Commands Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • GitLost Flaw Exposes GitHub Repos via AI Workflow
  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed
  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • GitLost Flaw Exposes GitHub Repos via AI Workflow
  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed
  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark