返回新闻列表

GitLost: We Tricked GitHub's AI Agent into Leaking Private Repos
GENERAL·Noma.security·

GitLost: We Tricked GitHub's AI Agent into Leaking Private Repos

TL;DR: Noma Labs discovered a critical prompt injection vulnerability within GitHub’s new Agentic Workflows, allowing an unauthenticated attacker to silently pull data from private repositories by posting a crafted GitHub Issue in a public repository belongin…

本摘要由 Max Robotics 编辑,原文版权归 Noma.security 所有。