← Back to context

Comment by cuillevel3

4 hours ago

"The vulnerable Github Agentic Workflow Noma Labs discovered was configured to:

* Trigger the workflow on issues.assigned events in GitHub * Read the issue Title and Body * Post a comment in response using the add-comment tool * Run with read access to other repositories (public and private) in the organization "

Self inflicted damage, I think. So what is their claim, that gh-aw's "Safe output gate" and "Threat detection" didn't stop the workflow?