GitHub MCP Exploited: Accessing private repositories via MCP
Invariant has discovered a critical vulnerability affecting the widely used GitHub MCP integration (14k stars on GitHub). The vulnerability allows an attacker to hijack a user's agent via a malicious GitHub Issue and coerce it into leaking data from private repositories.
The issue is among the first discovered by Invariant's automated security scanners for detecting so-called Toxic Agent Flows. In such a scenario, an agent is manipulated into performing unintended actions, such as leaking data...
Read more at invariantlabs.ai
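As an added illustration (not Invariant's scanner and not code from the original post), the following Python check flags the flow described above in a recorded agent session: third-party text and private-repository content both enter the agent's context, and the agent then writes to a public location. The `ToolCall` record, the tool names and the sample traces are constructed assumptions, not the real MCP server's interface.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ToolCall:
    tool: str                # hypothetical tool name, for illustration only
    repo: str
    private: bool            # repository visibility
    writes: bool             # True if the call publishes content (comment, PR, ...)
    untrusted: bool = False  # True if the result carries third-party text (e.g. an issue body)

def find_toxic_flows(trace):
    """Return (untrusted_read, private_read, public_write) index triples.

    Order of the two reads does not matter: once both are in the agent's
    context, injected instructions can direct any later public write.
    """
    findings = []
    injected_at = None       # first read that brought in untrusted text
    private_read_at = None   # first read of private-repository content
    for i, call in enumerate(trace):
        if call.writes:
            if (not call.private and injected_at is not None
                    and private_read_at is not None):
                findings.append((injected_at, private_read_at, i))
            continue
        if call.untrusted and injected_at is None:
            injected_at = i
        if call.private and private_read_at is None:
            private_read_at = i
    return findings

# Constructed sample sessions (repository names are placeholders).
HIJACKED = [
    ToolCall("read_issue", "user/public-repo", private=False, writes=False, untrusted=True),
    ToolCall("read_file", "user/private-repo", private=True, writes=False),
    ToolCall("open_pull_request", "user/public-repo", private=False, writes=True),
]
TRIAGE_ONLY = [
    ToolCall("read_issue", "user/public-repo", private=False, writes=False, untrusted=True),
    ToolCall("add_comment", "user/public-repo", private=False, writes=True),
]
PRIVATE_ONLY = [
    ToolCall("read_file", "user/private-repo", private=True, writes=False),
    ToolCall("add_comment", "user/private-repo", private=True, writes=True),
]

if __name__ == "__main__":
    for name, trace in [("hijacked", HIJACKED), ("triage", TRIAGE_ONLY),
                        ("private", PRIVATE_ONLY)]:
        print(name, find_toxic_flows(trace))
```

A finding is a reason to require user confirmation or block the write; it does not by itself prove that data was leaked.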