I prompt injected my CONTRIBUTING.md – 50% of PRs are bots

How a hidden prompt injection in CONTRIBUTING.md revealed that 40% of pull requests to a popular GitHub repository were generated by AI bots

Relevant since we started outright rejecting agent-made PRs in awesome-selfhosted [1] and issuing bans for it. Some PRs made in good faith could probably get caught in the net, but it's currently the only decent tradeoff we could make to absorb the massive influx of (bad) contributions. >99.9% of them are invalid for other reasons anyway. Maybe a good solution will emerge over time.

Comments

89
