I’ve been testing the Copilot Agent with Claude 4 Sonnet a bit lately. I purposely let it do it’s thing without checking/verifying anything.

It does a lot of things well but it also checked in and commited secrets to git many times, and even tried to push them to the remote repo. GitHub blocked the push though after analyzing the commits, which was kind of impressive tbh. I didn’t really know they did this check on push to remote.