@@ -296,6 +296,32 @@ Write `plans/<task>/final-report.md` with:
296296` both ` mode:
297297- Complete findings artifacts first, then comment flow.
298298
299+ ### GitHub Markdown Body Safety
300+
301+ When creating or updating PR descriptions, issue comments, PR comments, or
302+ review summaries with multi-line Markdown, backticks, code fences, ` $() ` , or
303+ literal ` \n ` sequences, do ** not** pass the body inline through shell flags such
304+ as ` --body "..." ` , ` --body '...' ` , ` -f body=... ` , or ` -F body=... ` .
305+
306+ Instead:
307+
308+ 1 . Write the exact body to a local Markdown artifact, preferably under
309+ ` plans/<task>/github-body-<target>.md ` for durable review or ` /tmp/ ` for a
310+ throwaway retry.
311+ 2 . Inspect the rendered source with ` sed -n '1,220p' <body-file> ` before
312+ posting.
313+ 3 . Use file-based GitHub CLI flags:
314+ - ` gh pr create --body-file <body-file> `
315+ - ` gh pr edit <PR> --body-file <body-file> `
316+ - ` gh issue comment <issue> --body-file <body-file> `
317+ - ` gh pr comment <PR> --body-file <body-file> `
318+ 4 . After posting, verify with ` gh pr view <PR> --json body ` or
319+ ` gh api repos/<owner>/<repo>/issues/comments/<comment-id> ` and confirm the
320+ body contains real newlines and literal Markdown backticks.
321+
322+ Reason: inline shell bodies can turn Markdown backticks into command
323+ substitution and can post literal ` \n ` text instead of newlines.
324+
299325## Guardrails
300326
301327- ` fixes=deferred ` : read-only; do not edit source files.
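Review bot: Step 4's check is ambiguous as written, because `gh pr view <PR> --json body` prints JSON, where a real newline is encoded as `\n` and a literal backslash-n as `\\n`, so someone confirming "real newlines" from that output can misread either case. Suggest `gh pr view <PR> --json body --jq .body` (and `--jq .body` on the `gh api` call) so the decoded body is what gets inspected. In step 2, `sed -n '1,220p' <body-file>` stops at line 220 without warning, so a longer body would be posted partly uninspected; drop the range or state the limit. The Reason paragraph should also note that command substitution applies to the double-quoted and unquoted forms, while single-quoted `--body '...'` is listed for the literal `\n` problem, so the four flag forms are not read as failing the same way.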