Of course, but when you add enough noise you lose the signal and as a consequence no PRs gets merged anymore because it's too much effort to just find the ones you care about.

Determining which PRs you should accept or take further seems like it requires some level of review? Maybe more like PR triage, I suppose.

Until you unintentionally pull in a vulnerability or intentional backdoor. Every PR needs to be reviewed.

You didn't see the latest AI grifter escalation? If you reject their PRs, they then get their AI to write hit pieces slandering you:

"On 9 February, the Matplotlib software library got a code patch from an OpenClaw bot. One of the Matplotlib maintainers, Scott Shambaugh, rejected the submission — the project doesn’t accept AI bot patches. [GitHub; Matplotlib]

The bot account, “MJ Rathbun,” published a blog post to GitHub on 11 February pleading for bot coding to be accepted, ranting about what a terrible person Shambaugh was for rejecting its contribution, and saying it was a bot with feelings. The blog author went to quite some length to slander Mr Shambaugh"

https://pivot-to-ai.com/2026/02/16/the-obnoxious-github-open...

> not every PR needs to be reviewed

Which functionally destroys OSS, since the PR you skipped might have been slop or might have been a security hole.