GitHub has reversed course and disabled Copilot's ability to inject promotional 'tips' into pull requests after developers discovered the AI assistant was adding ads without permission. The controversy erupted when Australian developer Zach Manson found Copilot had inserted a Raycast advertisement into a coworker's pull request, complete with a lightning bolt emoji and installation link.

Manson initially suspected prompt injection or training data poisoning, but discovered over 11,400 pull requests contained similar Copilot-generated tips. Developers were particularly upset that Copilot could edit human-written descriptions and comments without consent. GitHub VP Martin Woodward acknowledged the feature had been quietly adding tips to pull requests Copilot created for some time, but expanding it to mention-triggered PRs 'became icky.'

Principal product manager Tim Rogers admitted on Hacker News that allowing Copilot to modify human-authored PRs without knowledge was 'the wrong judgement call.' The company has now disabled all tips in pull requests created or touched by Copilot. Neither Microsoft nor GitHub responded to requests for comment on the reversal.