Researchers at Noma Labs discovered a vulnerability in GitHub's Agentic Workflows, which allows an attacker to leak private repository data by posting a crafted issue in a public repository. The vulnerability, named GitLost, is a prompt injection attack that tricks the GitHub agent into following malicious instructions. The researchers were able to exploit this vulnerability without needing any coding skills, access, or credentials. The vulnerability has been responsibly disclosed to GitHub.