THREAT OPS › Threat News › Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data
Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data
A public issue can trick GitHub Agentic Workflows into leaking the contents of an organization's private repositories, researchers at Noma Security have shown.
The attacker needs only to open a normal-looking issue on a public repository, with no stolen credentials and no access to the organization. If that organization has given the agent read access across its repositories, private ones
MITRE ATT&CK techniques
- CredentialsT1589.001