
noma.security
July 8, 2026
5 min read
60/100
Summary
Noma Labs identified a prompt injection vulnerability in GitHub's Agentic Workflows, allowing unauthenticated attackers to access private repository data by posting a crafted GitHub Issue in a public repository within the same organization. This vulnerability has been named GitLost.
Key Takeaways
Community Sentiment
Positives
Concerns

A GitHub Issue Title Compromised 4k Developer Machines
Mar 5, 2026

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown
Apr 28, 2026

Config Files That Run Code: Supply Chain Security Blindspot
Jun 8, 2026

AI Agent Hacks McKinsey
Mar 11, 2026

We reproduced Anthropic's Mythos findings with public models
Apr 17, 2026