GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773) (opens in new tab)

tl;dr: Vuln only possible by placing Copilot into YOLO mode. And it's fixed with the August Patch Tuesday release.