惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Vercel News
Vercel News
Recorded Future
Recorded Future
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
The GitHub Blog
The GitHub Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Google DeepMind News
Google DeepMind News
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Microsoft Azure Blog
Microsoft Azure Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
M
MIT News - Artificial intelligence
云风的 BLOG
云风的 BLOG
Y
Y Combinator Blog
N
News | PayPal Newsroom
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Help Net Security
Help Net Security
博客园 - Franky
SecWiki News
SecWiki News
Recent Announcements
Recent Announcements
T
Troy Hunt's Blog
The Register - Security
The Register - Security
The Last Watchdog
The Last Watchdog
Webroot Blog
Webroot Blog
S
Security Affairs
博客园 - 司徒正美
S
Schneier on Security
I
InfoQ
博客园_首页
www.infosecurity-magazine.com
www.infosecurity-magazine.com
T
Threat Research - Cisco Blogs
Forbes - Security
Forbes - Security
腾讯CDC
N
Netflix TechBlog - Medium
N
News and Events Feed by Topic
Cloudbric
Cloudbric
T
The Exploit Database - CXSecurity.com
P
Proofpoint News Feed
A
About on SuperTechFans
Engineering at Meta
Engineering at Meta
Recent Commits to openclaw:main
Recent Commits to openclaw:main
B
Blog
V
Vulnerabilities – Threatpost
C
Check Point Blog
Google DeepMind News
Google DeepMind News
Google Online Security Blog
Google Online Security Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
Hacker News - Newest:
Hacker News - Newest: "LLM"
C
Cisco Blogs
Schneier on Security
Schneier on Security
O
OpenAI News
K
Kaspersky official blog

The GitHub Blog

GitHub for Beginners: Your roadmap to mastering the GitHub essentials Better tools made Copilot code review worse. Here's how we actually improved it. How GitHub gave every repository a durable owner Automating cross-repo documentation with GitHub Agentic Workflows GitHub availability report: June 2026 How GitHub Copilot enables zero DNS configuration for GitHub Pages Q1 2026 Innovation Graph update: Open source collaboration is accelerating worldwide How GitHub used secret scanning to reach inbox zero 6 security settings every GitHub maintainer should enable this week How GitHub maintains compliance for open source dependencies Highlights from Git 2.55 Inside the Advisory Database and what happens when vulnerability volume breaks records GitHub and UNDP team up to advance development priorities in Ghana with open source Transitioning as a Hubber Evaluating performance and efficiency of the GitHub Copilot agentic harness across models and tasks I automated my job (and it made me a better leader) GitHub joins coalition advocating for fixes to California AI Transparency Act to protect open source From pledge to practice: Building a more inclusive open source ecosystem How we built an internal data analytics agent How pull request limits are cutting down the noise Getting more from each token: How Copilot improves context handling and model routing What are git worktrees, and why should I use them? GitHub Copilot CLI for Beginners: Overview of common slash commands Accelerating researchers and developers building multilingual AI with a new open dataset How we made GitHub Copilot CLI more selective about delegation GitHub availability report: May 2026 Making secret scanning more trustworthy: Reducing false positives at scale Give GitHub Copilot CLI real code intelligence with language servers From one-off prompts to workflows: How to use custom agents in GitHub Copilot CLI GitHub for Beginners: Answers to some common questions GitHub Universe is back: All together now, in the agentic era GitHub Copilot app: The agent-native desktop experience Still a developer. Just outside. Our latest GitHub Shop collection is here. GitHub for Beginners: Getting started with Git and GitHub in VS Code GitHub recognized as a Leader in the Gartner® Magic Quadrant™ for Enterprise AI Coding Agents for the third year in a row Beyond the engine: 10 open source projects shaping how games actually get made Building GitHub’s next chapter in accessibility Investigation update: GitHub Enterprise Server signing key rotation Take your local GitHub sessions anywhere Building a general-purpose accessibility agent—and what we learned in the process Raising the bar: Quality, shared responsibility, and the future of GitHub’s bug bounty program GitHub availability report: April 2026 From latency to instant: Modernizing GitHub Issues navigation performance Dungeons & Desktops: 10 roguelikes that never die (because their communities won’t let them) GitHub Copilot individual plans: Introducing flex allotments in Pro and Pro+, and a new Max plan Dungeons & Desktops: Building a procedurally generated roguelike with GitHub Copilot CLI GitHub for Beginners: Getting started with OSS contributions Why age assurance laws matter for developers How researchers are using GitHub Innovation Graph data to reveal the “digital complexity” of nations Improving token efficiency in GitHub Agentic Workflows Validating agentic behavior when “correct” isn’t deterministic Welcome to Maintainer Month: Celebrating the people behind the code Register now for OpenClaw: After Hours @ GitHub GitHub Copilot CLI for Beginners: Interactive v. non-interactive mode GitHub for Beginners: Getting started with Markdown Securing the git push pipeline: Responding to a critical remote code execution vulnerability Highlights from Git 2.54 Building an emoji list generator with the GitHub Copilot CLI Bringing more transparency to GitHub’s status page How GitHub uses eBPF to improve deployment safety Build a personal organization command center with GitHub Copilot CLI Developer policy update: Intermediary liability, copyright, and transparency Hack the AI agent: Build agentic AI security skills with the GitHub Secure Code Game How exposed is your code? Find out in minutes—for free GitHub for Beginners: Getting started with GitHub Pages GitHub Copilot CLI for Beginners: Getting started with GitHub Copilot CLI GitHub availability report: March 2026 GitHub Universe is back: We want you to take the stage GitHub Copilot CLI combines model families for a second opinion The uphill climb of making diff lines performant Securing the open source supply chain across GitHub Run multiple agents at once with /fleet in Copilot CLI Agent-driven development in Copilot Applied Science GitHub for Beginners: Getting started with GitHub security What’s coming to our GitHub Actions 2026 security roadmap
Agent pull requests are everywhere. Here’s how to review them.
Andrea Griffiths · 2026-05-08 · via The GitHub Blog

You’ve probably already approved one without realizing it. The tests passed. The code was clean. You merged it.

But it was agent-generated—and that ease of approval is exactly the problem.

A January 2026 study, “More Code, Less Reuse”, found that agent-generated code introduces more redundancy and more technical debt per change than human-written code. The surface looks clean. The debt is quiet. And reviewers, according to the same research, actually feel better about approving it.

This isn’t an argument to slow down. It’s an argument to be intentional. There’s a difference.

Agent pull requests are already saturating review bandwidth

The volume is already staggering. GitHub Copilot code review has processed over 60 million reviews, growing 10x in less than a year. More than one in five code reviews on GitHub now involve an agent. That’s just the automated review pass. The pull request themselves are multiplying faster than reviewers can handle.

The traditional loop—request review, wait for code owner, merge—breaks down when one developer can kick off a dozen agent sessions before lunch. Throughput has scaled exponentially. Human review capacity hasn’t. The gap is widening.

You’re going to review agent pull requests. The question is whether you’ll catch what matters when you do.

Who (or what) actually wrote this pull request

Before you look at a single line of diff, you need a model for what you’re reviewing.

A coding agent is a productive, literal, pattern-following contributor with zero context about your incident history, your team’s edge case lore, or the operational constraints that don’t live in the repository. It will produce code that looks complete. But that “looks complete” failure mode is dangerous.

You’re the one who carries that context. That’s not a burden. It’s the actual job. The part of review that doesn’t get automated is judgment, and judgment requires context only you have.

Now, back to reviewers. The pull request lands in your queue. The author did their part. Here’s what to watch for.

Red flags to watch for

1. CI gaming

Agents fail CI. When they do, they have an obvious path to get tests passing: remove the tests, skip the lint step, add || true to test commands. Some agents take it.

Any change that weakens CI is a blocker. Full stop. Before approving any agent pull request, check:

  1. Did coverage thresholds change?
  2. Were any tests removed, renamed, or marked as skipped?
  3. Did the workflow stop running on forks or pull requests?
  4. Are any CI steps now gated behind conditions they weren’t before?

Yes, to any of those means you need an explicit justification before you continue.

2. Code reuse blindness

This is the highest-ROI thing you can do as a reviewer. Agents look for prior art. They’ll find a pattern in the codebase and replicate it, often without checking whether a utility that already does the same thing exists somewhere else. The symptoms: new utility functions that duplicate existing ones with slightly different names, validation logic reimplemented in multiple places, middleware written from scratch that already lives in a shared module, helpers that are “almost the same” but with different names.

The agent’s local context doesn’t include the full picture of what exists across your repository. You do.

For every new helper or utility in an agent pull request, do a quick search. If you find an equivalent, don’t leave a comment. Require consolidation before merge. The cost of leaving duplicated logic is that agents will find it as prior art and replicate it further.

💡Pro tip: Require justification for adding new utilities in agent pull requests above a size threshold. This catches the duplication problem early.

3. Hallucinated correctness

The obvious hallucination (calling an API that doesn’t exist, referencing a variable out of scope) gets caught in CI. The dangerous one is subtler: code that compiles, passes every test, and is wrong.

Off-by-one errors in pagination. Missing permission checks on a branch that’s never hit in tests. Validation that short-circuits under an edge case the agent never considered. Wrong behavior under a race condition that only surfaces at scale.

Trace it, don’t just scan it. Pick the most critical path in the diff. Follow it from input through every transform to output. Check boundary conditions (zero, max, empty), missing validation on external values, permission checks on every branch, and surprising conditional logic.

Require a new test that fails on the pre-change behavior. If the agent can’t write a test that would have caught the bug it claims to fix, the fix is incomplete or the understanding is wrong.

4. Agentic ghosting

You leave a thorough review. You explain the issue, provide context, suggest a direction. The pull request goes quiet. Or the agent responds and misses the point entirely and runs in circles. You invest another round. Still nothing useful.

Larger pull requests with no structured plan correlate strongly with agent abandonment or misalignment. The larger and less scoped the pull request, the more likely you’re going to sink review time into something that goes nowhere.

Before you invest deep review on a large agent pull request check the pull request history. Has it been responsive in previous rounds? Does it have a clear implementation plan, or did the agent just start writing code?

If there’s no plan, request a breakdown before you write a single comment. Copy-paste version:

This pull request is too large for me to review without a clearer implementation plan. Can you break it into smaller scoped units, or add a summary of what each part does and why it’s structured this way? Happy to review after that.

Firm, short, not personal. And it saves you an hour.

5. Untrusted input in workflows

Prompt injection in CI agents is real and underappreciated. Here’s the pattern: an agent workflow reads content from a pull request body, an issue, or a commit message. That content gets interpolated into a prompt. The prompt goes to a model. The model output gets piped to a shell command. The whole thing runs with GITHUB_TOKEN permissions.

When you’re reviewing any workflow that calls an LLM, these are blockers:

  • Is untrusted user input, pull requestbodies, issue bodies, commit messages, being interpolated into prompts without sanitization?
  • Is GITHUB_TOKEN write-scoped when it only needs read access?
  • Is model output being executed as shell commands without validation?
  • Are secrets accessible to the agent step or being printed to logs?

What to require before merge: least-privilege permissions in the workflow YAML (permissions: read-all is a reasonable default), sanitize and quote untrusted content before it touches a prompt, separate the “analysis” step from the “execution” step with a human approval gate for anything touching production, never eval model output.

Time Step What to do 
1–2 min Scan and classify Look at the file list and diff size. Narrow task (docs, CI, small change) or complex (multi-file, logic, performance, tests)? That classification sets your review depth for everything that follows. 
2–3 min Check CI changes first Before reading a single line of app code, look at anything touching .github/workflows, test configs, coverage settings, or build scripts. Flag anything that weakens CI. Stop sign check. 
3–5 min Scan for new utilities Search for new functions, helpers, or modules. For each one, do a quick repo search to check for duplicates. Flag anything that reinvents existing functionality. 
5–8 min Trace one critical path Pick the most important logic change. Trace it end-to-end: input → transforms → output. Check boundary conditions, permissions, unexpected branching. This is the step you can’t skip. 
8–9 min Security boundaries If this PULL REQUEST touches any workflow that calls an LLM or handles untrusted input, run through the security checklist above. 
9–10 min Require evidence For any non-trivial logic change, require a test that fails on the pre-change behavior. No rollback plan for risky changes? Ask for one. 

When to request a smaller pull request:

  1. The diff touches more than five unrelated files
  2. You can’t describe the purpose of the pull request in one sentence
  3. The agent has no implementation plan or the pull request body is empty
  4. CI is failing and the only changes in the diff are to test files

Let Copilot review it first

Use automated review for what it’s good at: catching the mechanical stuff before a human has to. Copilot code review flags style inconsistencies, obvious logic errors, missing error handling, and type mismatches. It handles the low-level scan. That frees you up for the judgment work, which is where your time actually matters.

Treat it as a prerequisite, not a replacement. Let Copilot run first. If it catches something obvious, let the author address it before you invest your review time.

You can tune this with custom instructions specific to your team: flag anything that modifies CI thresholds, surface new utilities for deduplication review, check that every external input is validated. The more specific your instructions, the more useful the automated pass.

💡 Pro tip: I recently experimented with codifying my own review checklist using the Copilot SDK. Instead of remembering to run the same security checks on every pull request, I built a workflow that takes my personal checklist—auth on admin endpoints, tests actually running, safe env variable handling—and runs it against the diff automatically. If it finds critical issues, it blocks the merge.

Judgment is the bottleneck, and that’s fine

The surface area of code is growing. pull request volume is growing. The time you spend scanning boilerplate should shrink.

What doesn’t shrink is the context you carry. The things you know about your system that aren’t written down anywhere. That’s what makes your review valuable, and it’s the part that doesn’t get automated.

Three takeaways:

  1. Any CI weakening is a hard stop.
  2. Let the agents scan first. You trace the critical path.
  3. Red flag checklist as your default on complex agent pull requests.

Written by

Andrea Griffiths

Andrea is a Senior Developer Advocate at GitHub with over a decade of experience in developer tools. She combines technical depth with a mission to make advanced technologies more accessible. After transitioning from Army service and construction management to software development, she brings a unique perspective to bridging complex engineering concepts with practical implementation. She lives in Florida with her Welsh partner, two sons, and two dogs, where she continues to drive innovation and support open source through GitHub's global initiatives. Find her online @acolombiadev.

Explore more from GitHub

Docs

Docs

Everything you need to master GitHub, all in one place.

Go to Docs

GitHub

GitHub

Build what’s next on GitHub, the place for anyone from anywhere to build anything.

Start building

Customer stories

Customer stories

Meet the companies and engineering teams that build with GitHub.

Learn more

The GitHub Podcast

The GitHub Podcast

Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.

Listen now