Proposal: Contributor reputation check workflow for spam/astroturf detection #1533
Closed
imran-siddique started this conversation in Ideas
Replies: 1 comment 1 reply
Thanks for the deeper info into the project and the thinking that motivated the creation of #1520. I've reopened that PR to review on it. One observation I have on the format is that it is somewhat ambiguous in the report it adds as a comment. When looking at some of the runs on the agent-governance-toolkit repo, I find that the column Happy to raise an issue on the tool repo if that's useful feedback.
Context
Multiple AI agent and governance repos on GitHub have been targeted by coordinated inauthentic contribution campaigns:
We built detection tooling for this in microsoft/agent-governance-toolkit and have been using it on our own repo successfully.
Proposal
Add a lightweight GitHub Actions workflow that screens new PRs and issues for these patterns:
Results are posted as a comment + label on MEDIUM/HIGH risk items for maintainer review. No auto-closing, just flagging.
The workflow uses stdlib-only Python scripts (no pip install), runs on pull_request_target and issues events, and needs only the default GITHUB_TOKEN.
Why awesome-copilot specifically
This repo has 21,000+ stars and accepts community contributions (instructions, skills, prompts). That makes it a natural target for credential-building campaigns. The workflow would help maintainers spot patterns early.
Previous attempt
I submitted PR #1520 directly without discussing first. @aaronpowell rightly closed it and asked for discussion first. So here we are!
Happy to discuss scope, thresholds, or alternative approaches. The scripts are MIT-licensed and dependency-free.
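The trigger and token setup the proposal describes, sketched as an added example that is not part of the original post and is not the toolkit's own workflow. The workflow name, the script path scripts/screen_contributor.py and the environment variable names are hypothetical. Because pull_request_target runs with a token that can write to the base repository, the sketch checks out only the default branch, never the PR head, and scopes the token to what commenting and labeling need.

```yaml
# Hypothetical workflow file: .github/workflows/contributor-screen.yml
name: contributor-screen

on:
  pull_request_target:
    types: [opened]
  issues:
    types: [opened]

# Start from no permissions, then grant per job.
permissions: {}

jobs:
  screen:
    runs-on: ubuntu-latest
    permissions:
      contents: read        # read the screening scripts from the base repo
      pull-requests: write  # comment on and label PRs
      issues: write         # comment on and label issues
    steps:
      # Check out the trusted default branch only. Checking out the PR head
      # here would run contributor-controlled files with a write-capable token.
      # Pin the action to a full commit SHA in a real deployment.
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.repository.default_branch }}
          persist-credentials: false

      - name: Screen author (stdlib-only Python, no pip install)
        env:
          # Event fields go through env vars, not inline ${{ }} in the
          # run line, so they are never interpreted as shell syntax.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          REPO: ${{ github.repository }}
          AUTHOR: ${{ github.event.pull_request.user.login || github.event.issue.user.login }}
          NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
        # Hypothetical script path; it only flags (comment + label), never closes.
        run: python3 scripts/screen_contributor.py
```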