logoalt Hacker News

stingraycharlestoday at 7:55 AM1 replyview on HN

"How is this a Github vulnerability? The researchers are the ones that grant the agent access to private repos and then ask it to answer questions in public repos.. of course this allows extracting private information?"

I think the assumption is that the permissions are scoped to the repository you're currently asking questions on, rather than your private repositories as well.

I can see arguments for both sides.


Replies

eddythompson80today at 8:19 AM

But they explicitly setup the permissions this way.

show 1 reply