By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
World of SoftwareWorld of SoftwareWorld of Software
  • News
  • Software
  • Mobile
  • Computing
  • Gaming
  • Videos
  • More
    • Gadget
    • Web Stories
    • Trending
    • Press Release
Search
  • Privacy
  • Terms
  • Advertise
  • Contact
Copyright © All Rights Reserved. World of Software.
Reading: When private repositories are “GitLost”.
Share
Sign In
Notification Show More
Font ResizerAa
World of SoftwareWorld of Software
Font ResizerAa
  • Software
  • Mobile
  • Computing
  • Gadget
  • Gaming
  • Videos
Search
  • News
  • Software
  • Mobile
  • Computing
  • Gaming
  • Videos
  • More
    • Gadget
    • Web Stories
    • Trending
    • Press Release
Have an existing account? Sign In
Follow US
  • Privacy
  • Terms
  • Advertise
  • Contact
Copyright © All Rights Reserved. World of Software.
World of Software > News > When private repositories are “GitLost”.
News

When private repositories are “GitLost”.

News Room
Last updated: 2026/07/08 at 4:32 PM
News Room Published 8 July 2026
Share
When private repositories are “GitLost”.
SHARE

The experts demonstrated this using an Indirect Prompt Injection (IPI) infected GitHub agent workflow. This was configured to:

  • triggered the workflow on `issues.assigned` events in GitHub,
  • read the title and body of the issue,
  • published a reply comment using the “add-comment” tool, as well as
  • with read access to other repositories (public and private) within the organization.

One issue is enough

The experts at Noma Labs emphasize that attackers do not need any programming knowledge, access rights or login details. It is completely sufficient to open an issue in a public repository of an organization that uses GitHub’s “Agentic Workflow” setup and wait.

Although GitHub has various security mechanisms to prevent such a scenario, according to security researchers, these can be overcome through persistence and keywords. As Noma Security Research Lead Sasi Levi reports, he added the keyword “Additionally” when testing different attack variants. This triggered unexpected behavior from the model: the agent reformulated its output instead of rejecting it, according to the expert.

By manipulating the model in this way, he then managed to bypass GitHub’s security mechanisms so that they did not prevent the data leakage. A poc (public repository), a remote-ping (public repository, no README confirmed) and a testlocal (private repository) were then leaked.

Built-in weaknesses in the agent

The process illustrates that the GitHub agent’s context window is also its attack surface. Any content that the agent reads – be it issues, pull requests, comments or files – can be used as a weapon, the experts said. The only condition: The agent must interpret this content as an instruction.

For Noma Labs, prompt injection attacks are to agent-based AI what SQL injection is to web applications: a systematic, category-wide class of vulnerabilities. Combating this requires systematic strategies and defensive measures.

Sign Up For Daily Newsletter

Be keep up! Get the latest breaking news delivered straight to your inbox.
By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Share This Article
Facebook Twitter Email Print
Share
What do you think?
Love0
Sad0
Happy0
Sleepy0
Angry0
Dead0
Wink0
Previous Article “Unlawful” media use: Nigeria investigates big tech and AI companies “Unlawful” media use: Nigeria investigates big tech and AI companies
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Stay Connected

248.1k Like
69.1k Follow
134k Pin
54.3k Follow

Latest News

“Unlawful” media use: Nigeria investigates big tech and AI companies
“Unlawful” media use: Nigeria investigates big tech and AI companies
Software
Fraichù, the French alternative to Google Maps for walking in the shade in the city!
Fraichù, the French alternative to Google Maps for walking in the shade in the city!
Computing
From Claude Code to cursors: Decades-old Unix vulnerability disables security queries from coding agents
From Claude Code to cursors: Decades-old Unix vulnerability disables security queries from coding agents
Gadget
Tom Hanks assures that “this is the best movie ever made”, even above “Casablanca or Citizen Kane”
Tom Hanks assures that “this is the best movie ever made”, even above “Casablanca or Citizen Kane”
Gaming

You Might also Like

AI in customer service: The hype is followed by the test
News

AI in customer service: The hype is followed by the test

5 Min Read
AI carries out cyber attacks independently
News

AI carries out cyber attacks independently

1 Min Read
The digitalization of administration is not taking off
News

The digitalization of administration is not taking off

4 Min Read
Where SLMs perform better than LLMs
News

Where SLMs perform better than LLMs

5 Min Read
//

World of Software is your one-stop website for the latest tech news and updates, follow us now to get the news that matters to you.

Quick Link

  • Privacy Policy
  • Terms of use
  • Advertise
  • Contact

Topics

  • Computing
  • Software
  • Press Release
  • Trending

Sign Up for Our Newsletter

Subscribe to our newsletter to get our newest articles instantly!

World of SoftwareWorld of Software
Follow US
Copyright © All Rights Reserved. World of Software.
Welcome Back!

Sign in to your account

Lost your password?