LLM outputs backslashes instead of backticks in create_pull_request body, causing path prompts and control character corruption

[m-nash]

Description

When creating pull requests via the create_pull_request MCP tool, the PR body sometimes contains backslash-delimited code spans (\code\) instead of backtick-delimited spans (`code`). This causes two problems:

1. False path detection: The Copilot CLI interprets \RequestReviewAsync\ etc. as Windows file paths and prompts the user to "allow paths" for strings that are not paths
2. Control character corruption: Backslash sequences that happen to match C-style escapes get interpreted as control characters:
   • \a (e.g. \auto_execute) → U+0007 (bell)
   • \r (e.g. \request_review) → carriage return → newline
   • \t (e.g. \task_complete) → tab (U+0009)
   • \v (e.g. \volatile) → vertical tab (U+000B)
   • \n → newline (U+000A)
   • \b → backspace (U+0008)

Reproduction

This is intermittent — some PRs are clean while others are affected. Examples from https://github.com/m-nash/pr-copilot:

• PR Add Dynamic Model Switching in GitHub Copilot CLI During Runtime #34 (affected): Body has \RequestReviewAsync\ instead of backtick-delimited, \auto_execute where \a became bell character (U+0007)
• PR Support OAuth http MCP servers #33 (clean): Same repo, same user, backticks preserved correctly
• PR Ability to use Free Models (0x credits) in Copilot CLI #32 (affected): \[Heartbeat]\, \Task.Run\, \volatile bool IsLoading\ where \v became vertical tab (U+000B)
• PR Easily disable the GitHub MCP server #30 (affected): \ask_user\ where \a became bell (U+0007)

Analysis

1. The GitHub MCP server’s CreatePullRequest handler is a clean pass-through — it takes the body parameter and sends it directly to github.NewPullRequest.Body with no transformation
2. The corruption originates upstream, likely either:
   • The LLM itself generates \code\ instead of `code` in the JSON tool call arguments (intermittently)
   • Or something in the CLI’s JSON parsing/argument extraction converts backticks to backslashes
3. The C-style escape interpretation (\a→bell, \v→vtab) suggests a non-standard string processing step, since these are NOT valid JSON escape sequences (\a and \v are C escapes, not JSON)

Evidence that the LLM generates backslashes

When the issue occurs, the user is prompted to "allow paths" for the backslash-delimited strings in the body argument. This confirms the \ characters are present in the tool call arguments before they reach the MCP server.

Expected behavior

• PR bodies should preserve backtick-delimited code spans as-is
• Strings like \RequestReviewAsync\ in tool arguments should not trigger path access prompts
• No C-style escape interpretation should be applied to PR body text

Environment

• Copilot CLI on Windows
• GitHub MCP server (latest)
• Affects create_pull_request tool body parameter