Noma Labs discovered a critical vulnerability, GitLost, in GitHub's Agentic Workflows allowing unauthenticated attackers to pull private data. The vulnerability occurs due to prompt injection, where the AI agent misinterprets user input as instructions.