A critical vulnerability named 'GitLost' in GitHub's Agentic Workflows allows unauthenticated attackers to access private repository data by posting crafted issues in public repositories. Discovered by Noma Labs, this flaw enables the AI agent to fetch sensitive information without requiring coding skills or credentials. The security researchers emphasized that indirect prompt injections could pose similar risks as SQL injections in web applications.
They recommended strict security measures for organizations using AI agents, including treating user-generated content as untrusted and limiting agent permissions.