SECURITYWEEK reports that a vulnerability in GitHub Codespaces could let attackers seize control of repositories by injecting malicious Copilot instructions into a GitHub issue, a chain described by Orca Security as enabling passive prompt injections.
According to Orca, a threat actor could prompt Copilot to exfiltrate a user’s privileged GITHUB_TOKEN by having Copilot read a local file and write data to a remote server via a JSON schema, with a crawler-like sequence involving issue text bound to an in-environment Copilot agent, repository symlinks and automatic JSON schema downloads.
The firm notes that attackers can conceal malicious content in an issue’s description using HTML comments, and abuse JSON schemas and symbolic links to access or exfiltrate data, potentially leading to a full repository takeover. The supply chain scenario has been named RoguePilot, and GitHub patched the vulnerability after being notified by Orca Security. The article is by Ionut Arghire and dated 24 February 2026.