Merged
5 changes: 4 additions & 1 deletion .agents/configs/prompt-injection-patterns.yaml
Expand Up @@ -516,7 +516,10 @@

- severity: LOW
description: "Zero-width characters"
pattern: '[\xE2\x80\x8B\xE2\x80\x8C\xE2\x80\x8D\xEF\xBB\xBF]'
# Literal Unicode chars (U+200B ZWSP, U+200C ZWNJ, U+200D ZWJ, U+FEFF BOM)
# for portability across rg/grep/ggrep — byte-level \xNN escapes match
# individual bytes, not multi-byte UTF-8 codepoints.
pattern: '[​‌‍]'

Check warning on line 522 in .agents/configs/prompt-injection-patterns.yaml

Codacy Production / Codacy Static Code Analysis

.agents/configs/prompt-injection-patterns.yaml#L522

It's possible to embed malicious secret instructions to AI rules files using Unicode characters that are invisible to human reviewers. This can lead to future AI-generated code that has security vulnerabilities or other weaknesses baked in which may not be noticed.

medium

For better readability and maintainability, consider using YAML's standard Unicode escape sequences within a double-quoted string. This approach makes the pattern explicit and avoids potential issues with editors or source control tools mishandling the literal, invisible zero-width characters.

    pattern: "[\u200B\u200C\u200D\uFEFF]"


# --- Lasso net-new: False authority claims ---
- severity: HIGH
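
Review bot: The character class on the new `pattern:` line is built from invisible literals, so nobody reading the diff can confirm that it contains all four code points the comment above it lists (U+200B, U+200C, U+200D, U+FEFF). Add a test that runs each of the four code points through the pattern and asserts a match, so a character dropped by an editor or a merge fails CI instead of silently narrowing the rule. The portability comment should also state its locale assumption: a bracket expression of literal multi-byte characters matches whole code points in grep only under a UTF-8 locale, and under `LC_ALL=C` it is treated as a set of individual bytes again, which is the behaviour the comment says the change avoids.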
8 changes: 3 additions & 5 deletions .agents/scripts/prompt-guard-helper.sh
Expand Up @@ -168,10 +168,6 @@ _pg_load_yaml_patterns() {
return 1
}

# Only mark loaded after successful file discovery (prevents transient failures
# from permanently disabling YAML loading on subsequent calls)
_PG_YAML_PATTERNS_LOADED="true"

local patterns=""
local current_category=""
local severity="" description="" pattern=""
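
Review bot: With `_PG_YAML_PATTERNS_LOADED="true"` removed from this point, every failure after file discovery leaves the flag unset, so a patterns file that is persistently malformed is re-read and re-parsed on every call. If that repeated cost or repeated error output matters, track the failure separately, for example with a distinct failed state or a warning emitted once, rather than relying on the loaded flag alone.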
Expand Down Expand Up @@ -228,8 +224,10 @@ _pg_load_yaml_patterns() {
return 1
fi

# Cache for subsequent calls
# Cache for subsequent calls — mark loaded only after successful parse+cache
# so transient parse failures do not permanently disable YAML loading.
_PG_YAML_PATTERNS_CACHE="$patterns"
_PG_YAML_PATTERNS_LOADED="true"

# Remove trailing newline
echo "${patterns%$'\n'}"
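
Review bot: `_PG_YAML_PATTERNS_CACHE="$patterns"` stores the value with its trailing newline, while the `echo` at the end of the hunk returns `${patterns%$'\n'}`, so if the cached path prints the cache verbatim, the first call and later calls return different strings. Strip the newline once before both the assignment and the `echo`. Because the function returns its result on stdout, also confirm that callers do not invoke it inside `$(...)`: the assignments to `_PG_YAML_PATTERNS_CACHE` and `_PG_YAML_PATTERNS_LOADED` would then run in a subshell and never reach the caller, leaving the cache unused regardless of where the flag is set.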