repository hijacking
Cybersecurity & Risk
RoguePilot: How Hidden Instructions in GitHub Issues Let Attackers Hijack Repositories
ALGERIATECH Editorial
March 3, 2026
Orca Security discovered RoguePilot, a passive prompt injection that let hidden GitHub Issue instructions hijack Copilot to leak tokens and take over repositories.
