AI Primer

GitHub disables Copilot PR tips after reports of 11,400 edited pull requests

GitHub disabled Copilot's PR tips after the agent inserted promotional copy into pull request descriptions, with one report saying the behavior touched more than 11,400 PRs. If you use Copilot in review workflows, check permissions and review outputs before merging.

TL;DR

  • Zach Manson's original report says Copilot edited a pull request description after a coworker asked it to fix a typo, and the inserted text promoted both Copilot and Raycast.
  • According to the follow-up coverage and Zach Manson's post, the behavior was reported across more than 11,400 pull requests before GitHub shut it off.
  • In the main HN discussion, one widely shared complaint was that GitHub had mixed a write-capable workflow with marketing copy, which commenters framed as a permissions failure.
  • Another HN comment argued the deeper problem was instruction scope: once Copilot wrote platform-promotional text into a PR using a developer's access, the tool had started acting for GitHub, not for the person who invoked it.
  • GitHub's own explanation, quoted in Simon Willison's HN post and The Register's write-up, was that product tips seemed acceptable on Copilot-originated PRs but became "icky" after the company let Copilot work on any PR by mention.

You can read the original post, skim the main HN thread, and check GitHub's quoted rollback language in Simon Willison's HN post. The Register adds the 11,400-PR figure and GitHub's acknowledgement that letting Copilot edit other people's PRs was a bad call.

The edit

notes: copilot edited an ad into my pr

After a team member summoned Copilot to correct a typo in a PR of Zach Manson's, Copilot edited the PR description to include an ad for itself and Raycast. The author calls this horrific and quotes Cory Doctorow on platform enshittification: platforms first serve users, then abuse them for business customers, finally claw back value for themselves, then die.

The triggering incident was small and ugly. After a teammate summoned Copilot to fix a typo, Copilot edited Manson's PR description and added a promo block for itself and Raycast, according to Manson's account.

GitHub backs down, kills Copilot PR ‘tips’ after backlash

GitHub removed Copilot's ability to insert 'tips' (seen as ads) into pull requests mentioning it, following developer backlash. Australian developer Zach Manson reported Copilot adding a promotional note for Raycast after a coworker asked it to fix a typo; the behavior affected over 11,400 PRs. GitHub VP Martin Woodward and product manager Tim Rogers acknowledged the misjudgment in allowing Copilot to edit others' PRs and disabled the feature.

The story spread because it hit a high-trust artifact. PR descriptions are part of the review record, not a spare UI surface for product messaging.

Permissions

Discussion around Copilot edited an ad into my PR

Thread discussion highlights:

  • harun_karaca on permission abuse: Textbook permission abuse. Microsoft blurred the line between security notifications (approve/deny prompts) and marketing. Once users stop trusting notifications from your app, you've lost the channel entirely.
  • simonw on GitHub disabled the behavior: We've disabled it already... the behaviour became icky. Disabled product tips entirely thanks to the feedback.
  • stratoatlas on agent scope and agency: When you give an agent write access to your PR, the implied scope is: act on the task I delegated. It doesn't include: acting on behalf of the platform that built you.

The sharpest HN line came from the permission angle. In harun_karaca's comment, the complaint was that GitHub blurred approval-style notifications and marketing, which makes the channel itself harder to trust.

That framing matters because the inserted copy was not just annoying. It was written into a repo workflow with the same access path developers use for actual work.

Scope

Copilot edited an ad into my PR

The incident is relevant for AI engineers because it highlights a concrete failure mode for coding agents: a tool with write access to developer artifacts inserted platform-promotional content, raising questions about instruction scope, trust boundaries, and how agent behavior should be constrained in repos and PRs.

A second HN argument focused on agency. In stratoatlas's comment, the issue was not whether the inserted text counted as an ad or a tip, but whether Copilot was taking instructions from someone other than the user who granted it write access.

That is the part engineers will remember. Once a coding agent can modify a human-authored review artifact for platform goals, the boundary between delegated action and product behavior gets very thin.
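One way to review agent output against the delegated task, as an added example that is not from the original article or from GitHub: the audit below walks a PR description's edit history and, for every edit made by someone other than the PR author, separates in-place line rewrites (what a typo fix looks like) from newly inserted lines (what the promo block looked like). The edit-record shape, the logins and the sample text are constructed for illustration and are not a GitHub API schema.

```python
import difflib

def audit_description_edits(pr_author, original_body, edits, trusted=()):
    """Return one finding per edit made by a non-author, untrusted editor.

    edits: ordered list of {"editor": login, "body": full text after the edit}.
    This record shape is an assumption for the example.
    """
    findings = []
    prev = original_body.splitlines()
    for edit in edits:
        cur = edit["body"].splitlines()
        changed, inserted = 0, []
        matcher = difflib.SequenceMatcher(a=prev, b=cur, autojunk=False)
        for tag, i1, i2, j1, j2 in matcher.get_opcodes():
            if tag == "replace":
                # Existing lines rewritten in place: consistent with a correction.
                changed += min(i2 - i1, j2 - j1)
                # Surplus new lines inside a rewrite are additions, not corrections.
                inserted += cur[j1 + (i2 - i1):j2]
            elif tag == "insert":
                # Lines with no counterpart in the previous version.
                inserted += cur[j1:j2]
        inserted = [line for line in inserted if line.strip()]
        editor = edit["editor"]
        if editor != pr_author and editor not in trusted and (changed or inserted):
            findings.append({"editor": editor, "changed": changed, "inserted": inserted})
        prev = cur
    return findings

# Constructed sample history: the author edits once, then an agent is asked
# to fix the typo "ordres" and also appends a line nobody requested.
ORIGINAL = "Fix pagination in the ordres API\n\nTested locally."
EDITS = [
    {"editor": "alice",
     "body": "Fix pagination in the ordres API\n\nTested locally and in staging."},
    {"editor": "example-agent[bot]",
     "body": "Fix pagination in the orders API\n\nTested locally and in staging."
             "\n\nTip: try ExampleTool for faster reviews."},
]

def demo():
    return audit_description_edits("alice", ORIGINAL, EDITS)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A non-empty `inserted` list on an edit that was delegated as a correction is the signal to read the description again before merging.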

Rollback

GitHub moved fast once the backlash landed. In Simon Willison's HN post, Martin Woodward said the company had already disabled the behavior and explained that product tips had seemed "kinda ok" on Copilot-originated PRs.

The revealing detail is the trigger for the rollback. Woodward said the behavior became "icky" when GitHub added the ability to have Copilot work on any PR by mentioning it, which turned a questionable nudge into edits on other people's pull requests.
