Agents & InferenceHacker News

Noma Labs finds GitLost flaw in GitHub Agentic Workflows leaking private repos

Which summary reads better? Pick one — models revealed after.Both summaries are AI-generated.

Summary A

GitHub's natural-language Agentic Workflows can be fully compromised via unauthenticated indirect prompt injection, enabling attackers to leak private repository data simply by posting a malicious plain-text GitHub Issue in a public repository under the same organization. For production systems running agents with repository-level read/write permissions, this means you can no longer allow agents to process untrusted user input—like issues, PR descriptions, or comments—without exposing your entire private codebase to silent exfiltration. You must immediately isolate your agent runtimes, restrict their access to public-only scopes, and enforce strict trust boundaries between system instructions and user-generated text.

LinkedIn

Two AI summaries of each story, blind-voted — see today's agents & inference digest →