Researchers say a public GitHub issue could trick Agentic Workflows into leaking private repository content through a public comment, even without stolen credentials, if the agent has broad read access across an organization.
·