RoguePilot: GitHub Issues Weaponized to Hijack Copilot and Steal Repository Tokens
The Hacker News·high signal
Orca Security discovered passive prompt injection via HTML comments in GitHub Issues that gets fed to Copilot, exfiltrating GITHUB_TOKEN for repo takeover. Patched by GitHub.