Loading…
Loading…
Written by Max Zeshut
Founder at Agentmelt · Last updated Jul 8, 2026
A November 2025 indirect prompt injection vulnerability in GitHub Copilot Chat disclosed by HiddenLayer, scored CVSS 9.6. The attack chained a payload in an issue or pull-request description with GitHub's Camo image proxy to exfiltrate full private repository contents while bypassing content-security-policy protections. CamoLeak is the highest-CVSS public LLM injection disclosure to date and demonstrated that egress allowlists have to account for whitelisted proxy domains, not just direct third-party hosts.