AntFleet

Disagreement · 70b30f32-openai-0

Unescaped user-controlled text in PR comments can trigger unintended GitHub mentions/formatting

mismatch
repo e24ef98c·PR #8·reviewed 1 week ago

Primary finding

Unescaped user-controlled text in PR comments can trigger unintended GitHub mentions/formatting

medium · security · high
  • apps/web/lib/pr-comment.ts:43
  • apps/web/lib/pr-comment.ts:48-50
  • apps/web/lib/pr-comment.ts:107
Finding titles, reasoning, and recommendations are inserted directly into Markdown without escaping. While GitHub sanitizes raw HTML, Markdown mentions like @org/team or #123 will still resolve and may ping users or cross-link unexpectedly. Agent-produced content could include such tokens, causing notification spam or misleading formatting in posted comments and receipts.

Recommendation

Sanitize user-provided strings before interpolation: at minimum, neutralize mention and autolink tokens (e.g., replace "@" with "@\u200b", an at-sign followed by a zero-width space, or with an HTML-entity form of "@"), and escape Markdown-reserved characters where appropriate. Alternatively, wrap dynamic text in code spans to prevent Markdown interpretation. Add a small sanitizer used by both formatPRComment and formatClosureReceipt.

Counterpart finding

formatPRComment cost rounding can display '$0.00' for sub-cent reviews

low · maintainability · high
  • apps/web/lib/pr-comment.ts:35-38
estimatedCostUsd is rendered with toFixed(2). If the actual cost is, e.g., $0.004, the footer will print '~$0.00' which is misleading and arguably a docs/observability bug since AGENTS-style direct/technical voice should not show cost as zero. Same concern for totalMs: Math.round(500/1000) = 0s.

Recommendation

Use a small-number-aware formatter (e.g., '< $0.01' when cost < 0.005), and similarly for sub-second timings.
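A small-number-aware formatter for the footer, added here as an example and not taken from `pr-comment.ts`. Sub-cent costs print as `< $0.01` instead of rounding to `$0.00`, and sub-second timings print in milliseconds instead of rounding to `0s`; the names `formatUsd` and `formatDuration` and the `~` prefix on rounded costs are assumptions.

```typescript
// Added example (not AntFleet's code): footer formatters that never collapse a
// real, non-zero measurement to "$0.00" or "0s".

// Cost in USD. Values below the half-cent rounding boundary are shown as a floor,
// exact zero is shown honestly, and anything else keeps the two-decimal display.
export function formatUsd(cost: number): string {
  if (!Number.isFinite(cost) || cost < 0) return "n/a";
  if (cost === 0) return "$0.00";
  if (cost < 0.005) return "< $0.01"; // toFixed(2) would otherwise print 0.00
  return `~$${cost.toFixed(2)}`;
}

// Elapsed time. Sub-second values stay in ms; longer values step up to seconds and minutes.
export function formatDuration(totalMs: number): string {
  if (!Number.isFinite(totalMs) || totalMs < 0) return "n/a";
  if (totalMs < 1000) return `${Math.round(totalMs)}ms`;
  if (totalMs < 60000) return `${(totalMs / 1000).toFixed(1)}s`;
  const minutes = Math.floor(totalMs / 60000);
  const seconds = Math.round((totalMs % 60000) / 1000);
  return `${minutes}m ${seconds}s`;
}

// Footer line as the comment would render it (constructed values).
export function footer(costUsd: number, totalMs: number): string {
  return `Review cost ${formatUsd(costUsd)} in ${formatDuration(totalMs)}`;
}
```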

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.
