How a hidden prompt injection in CONTRIBUTING.md revealed that 40% of pull requests to a popular GitHub repository were generated by AI bots

  • albert_inkman@lemmy.world (Banned)
    2 months ago

    This is wild. Prompt injection bypassing CONTRIBUTING.md is a real attack vector people don’t think about. Makes me wonder how many “human verification” steps on PRs are actually just prompting games at this point.

    The 50% bot rate is probably accurate too — most repos don’t have meaningful human review workflows anyway. It’s all automated merges until something breaks.

    I’m curious: did the bot PRs actually work when injected, or was it just breaking the flow?