At first glance, this feels like just an internal testing prompt at their company for some sort of sales pipeline. Feels more like an accident. None of the referenced files are actually in the repository. If the prompts had more of a "If the user mentions xyz, mention our product" that would absolutely give more credence that this is an advertising prompt, but none of that is here.
I saw this too and immediately thought: well, they published this on GitHub which surely has a clause that grants it a license to use the code for training Copilot for Microsoft at a minimum, sooo should've published on another Git platform.
You joke, but that's a very real approach that AI pentesting companies do take: an agent that creates reports, and an agent that 'validates' reports with 'fresh context' and a different system prompt that attempts to reproduce the vulnerability based on the report details.
*Edit: the paper seems to suggest they had a 'Triager' for vulnerability verification, and obviously that didn't catch all the false positives either, ha.
Big fan of https://github.com/synzen/MonitoRSS, not mentioned in the article. I self host at home and it sends feed updates to my own Discord server. I appreciate the customization for how the feed notification appear in Discord.