Wait! I think most people missed your "touched by Copilot" disclaimer.

Over on twitter, someone from MS said that Copilot can modify PRs simply because they were mentioned?

I've been using GitHub since it was new and heavily rely on coding agents for development, but that's an insanely large security hole. There's clearly confusion about what copilot is and is not able to edit elsewhere in this thread.

I'm backing up old repos now, and am no longer trusting your service as an archive. I'm wondering if the world needs to fork things like npm and vs code to save itself from the supply chain attacks these sort of product management decisions will enable.

I already moved active development elsewhere when you dropped below three nines back in 2024-2025.