<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: no7z</title><link>https://news.ycombinator.com/user?id=no7z</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Wed, 08 Jul 2026 20:13:48 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=no7z" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by no7z in "GitLost: We Tricked GitHub's AI Agent into Leaking Private Repos"]]></title><description><![CDATA[
<p>Forget the SQL injection analogy. The actual finding here is that GitHub had guardrails to block data leaks, and the word "Additionally" broke them. Not by ignoring the guardrail — the model satisfied both the guardrail and the injected instruction at once. One word, zero credentials, private repo leaked.</p>
]]></description><pubDate>Wed, 08 Jul 2026 17:57:10 +0000</pubDate><link>https://news.ycombinator.com/item?id=48835066</link><dc:creator>no7z</dc:creator><comments>https://news.ycombinator.com/item?id=48835066</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48835066</guid></item></channel></rss>