This is maybe the most interesting part of LLMs for me - finding ways to exploit them, and then figuring out how to protect against those attacks.

Is there any step in the chain where a repo maintainer in this case could see the full text of what was sent to Copilot in the “hidden” text?