Australian developer Zach Manson discovered the issue on Monday when a coworker asked Copilot to correct a typo in one of his pull requests. The AI added more than just the requested fix.
It inserted a message promoting productivity app Raycast with a lightning bolt emoji and installation link.
"Quickly spin up Copilot coding agent tasks from anywhere on your macOS or Windows machine with Raycast,"
read the unsolicited addition that appeared as if Manson had written it himself.
"I wasn't even aware that the GitHub Copilot Review integration had the ability to edit other users' descriptions and comments," Manson told The Register. "I can't think of a valid use case for that ability."
The promotional messages weren't limited to Raycast or isolated incidents. A search revealed about 11,400 pull requests containing the same Raycast tip, while Neowin found similar promotions for Slack, Microsoft Teams, Visual Studio Code, JetBrains IDEs, and Eclipse across 1.5 million code reviews on both GitHub and GitLab. The tips appeared automatically whenever Copilot was mentioned in any pull request discussion.
GitHub responded within hours of the discovery going public on Monday morning. By afternoon, the company had disabled what it called "agent tips" in all pull requests created by or touched by Copilot.
Tim Rogers, principal product manager for Copilot at GitHub, acknowledged on Hacker News that letting the AI make changes to human-written PRs without consent was "the wrong judgement call." The feature had existed in limited form for pull requests generated entirely by Copilot itself.
GitHub VP of developer relations Martin Woodward explained that problems emerged when they expanded it to any PR mentioning Copilot.
"[When] we added the ability to have Copilot work on any PR by mentioning it the behaviour became icky,"
Woodward said.
Developers found hidden HTML comments labeled "START COPILOT CODING AGENT TIPS" in the Markdown of affected pull requests, confirming systematic insertion rather than accidental generation. Raycast reportedly didn't commission the promotions; they originated from GitHub's attempt to "help developers learn new ways to use the agent in their workflow."
GitHub has now completely disabled automatic suggestions in pull requests regardless of whether Copilot created or merely edited them. The company stated this prevents users from being confronted with similar surprises again while maintaining that "GitHub does not and does not plan to include advertisements in GitHub."
The incident highlights how AI tools designed to accelerate development work can undermine trust when they operate without transparency or user control.
