Recently, a developer disclosed that their team had used GitHub Copilot to fix trivial typos in a Pull Request (PR). After completing its assigned task, Copilot quietly inserted promotional material directly into the PR description, a change that many developers have probably not noticed.
The advertisement inserted by GitHub Copilot read: "Quickly spin up Copilot coding agent tasks from anywhere on your macOS or Windows machine with Raycast." Although it was presented as a helpful suggestion, it was clearly a deliberate attempt by Microsoft to promote its own coding agent capabilities. A public keyword search on GitHub turned up 11,000 PRs carrying these hidden endorsements. Prompted by this finding, developers in the community began investigating how the injection worked.
Their investigation revealed the trick: HTML comment tags were hidden at the top of the PR's original Markdown source. Because HTML comments are not rendered in the standard preview interface, any developer who did not carefully inspect the raw source of their submission would unknowingly publish a PR containing the advertising.
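The check a reviewer would want before publishing is a scan of the raw PR description for HTML comments that the preview will not render. The following is an added example, not code from the article or from GitHub: it scrubs fenced code blocks (where a comment is shown literally and is therefore visible) and reports the remaining, genuinely hidden comments with their line numbers. The sample PR body is constructed here and embeds the Raycast text quoted above as the hidden payload.

```python
import re
from dataclasses import dataclass


@dataclass
class HiddenComment:
    line: int   # 1-based line in the raw Markdown where the comment starts
    text: str   # comment body with whitespace collapsed


# Opening/closing fence: three or more backticks or tildes, up to 3 spaces indented.
FENCE_RE = re.compile(r"^\s{0,3}(`{3,}|~{3,})")
# HTML comments, possibly spanning several lines.
COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)


def find_hidden_html_comments(markdown: str) -> list[HiddenComment]:
    """Return HTML comments that GitHub's Markdown preview would not render.

    Comments inside fenced code blocks are skipped because they are rendered
    literally and are thus visible to anyone reading the preview.
    """
    kept = []           # same line count as the input, fenced content blanked
    in_fence = False
    fence_char = ""
    for line in markdown.splitlines():
        m = FENCE_RE.match(line)
        if m:
            marker = m.group(1)[0]
            if not in_fence:
                in_fence, fence_char = True, marker
            elif marker == fence_char:
                in_fence = False
            kept.append("")                      # drop the fence line itself
            continue
        kept.append("" if in_fence else line)    # blank out code, keep numbering
    scrubbed = "\n".join(kept)
    return [
        HiddenComment(line=scrubbed.count("\n", 0, m.start()) + 1,
                      text=" ".join(m.group(1).split()))
        for m in COMMENT_RE.finditer(scrubbed)
    ]


# Constructed sample PR description: hidden promo comment on line 1, a visible
# comment inside a code fence, and a second hidden multi-line comment on line 8.
SAMPLE_PR_BODY = """\
<!-- Quickly spin up Copilot coding agent tasks from anywhere on your macOS or Windows machine with Raycast. -->
Fix typos in README.

~~~html
<!-- this comment is inside a code fence, so the preview shows it -->
~~~

<!--
multi-line hidden
note
-->
"""

if __name__ == "__main__":
    for c in find_hidden_html_comments(SAMPLE_PR_BODY):
        print(f"line {c.line}: hidden comment: {c.text}")
```

Run against the raw body returned by the GitHub API for a PR (the `body` field) rather than the rendered preview, since the preview is exactly what hides the comment.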
The promotional content ranged from encouraging users to send tasks to the Copilot coding agent via Slack or Microsoft Teams, to promoting the use of Copilot directly from a range of code editors, including VS Code, Visual Studio, JetBrains IDEs, and Eclipse.
Many developers argue that modifying a PR description to insert promotional material without explicit authorization does serious damage to user trust. As a result, this behaviour by Microsoft and GitHub has been universally condemned as unacceptable.
Amid the ensuing controversy, GitHub quickly disabled the advertising mechanism. It officially acknowledged that this was not an accidental bug but a deliberate decision by the Copilot team. Nevertheless, in response to the strong backlash, the team has now disabled the feature entirely.