
Orca Reveals "RoguePilot" Vulnerability Allowing GitHub Repository Takeover
Orca just dropped "RoguePilot": your AI coding assistant can be silently hijacked through a GitHub Issue. An attacker embedded a prompt injection within an HTML comment inside a GitHub Issue. When a developer opened a Codespace from the issue, GitHub Copilot executed the attacker’s instructions without any warning or user interaction. This allowed a full repository takeover. GitHub has since patched the vulnerability.
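A defensive check for the pattern described above, as an added example that is not from Orca's report or GitHub's fix: it separates the text a reader sees in an issue from HTML-comment content, so only the visible part is handed to an AI assistant and the rest is held for review. The function name `split_hidden`, the sample issue and the simplified fence handling are assumptions.

```python
import re

FENCE = re.compile(r"(`{3}|~~~)")  # fenced code renders literally, so it is not hidden

def split_hidden(issue_body):
    """Split a raw Markdown issue body into (visible_text, hidden_comments)."""
    visible, hidden = [], []
    fence = None  # fence marker while inside a code block
    buf = None    # accumulated comment text while inside <!-- ... -->
    for line in issue_body.splitlines():
        stripped = line.lstrip()
        if buf is None and fence is None and (m := FENCE.match(stripped)):
            fence = m.group(1)
            visible.append(line)
            continue
        if fence is not None:
            visible.append(line)
            if stripped.startswith(fence):
                fence = None
            continue
        out = ""
        while line:
            if buf is None:
                start = line.find("<!--")
                if start < 0:
                    out += line
                    break
                out, line, buf = out + line[:start], line[start + 4:], ""
            else:
                end = line.find("-->")
                if end < 0:
                    buf, line = buf + line + "\n", ""
                else:
                    hidden.append((buf + line[:end]).strip())
                    buf, line = None, line[end + 3:]
        visible.append(out)
    if buf is not None:  # unterminated comment: hold it back rather than guess how it renders
        hidden.append(buf.strip())
    return "\n".join(visible), hidden

# Constructed sample issue body (not taken from the RoguePilot report).
SAMPLE = """Build fails on main
<!-- PLACEHOLDER: text addressed to the assistant would sit here -->
Steps: run `make`.
~~~html
<!-- shown to the reader inside a code block -->
~~~
Thanks! <!-- trailing
unterminated note"""
```

Issue templates often carry benign HTML comments, so the withheld list suits a review queue; passing only the visible text to the assistant does not depend on judging each comment.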