docs: add Reviewed by PatchPilots badge #1

Closed
alavesa wants to merge 3 commits into main from add-reviewed-badge

alavesa (Owner) commented Mar 29, 2026

No description provided.

Piia and others added 3 commits March 29, 2026 20:51
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
CLI tool doesn't need accessibility or documentation audit.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

alavesa (Owner, Author) commented Mar 30, 2026

Doing the run locally, as the gh actions took too much time.

PatchPilots Self-Review — 49 findings

Cost: $0.34 | Files: 20 | Batches: 4

Summary

| Severity | Count |
|---|---|
| 🔴 Critical | 5 |
| 🟡 Warning | 32 |
| 🔵 Info | 12 |

Critical findings

| File | Finding |
|---|---|
| orchestrator.ts:188 | String.replace only patches first occurrence — silently skips the rest |
| orchestrator.ts:188 | $ characters in patch.replace interpreted as regex special sequences |
| llm-client.ts:43 | options.temperature silently ignored — hardcoded to 1 |
| llm-client.ts:74 | Infinite recursion on RateLimitError — no retry limit |
| banner.ts:52 | No TTY check before writing ANSI escape codes |

Findings by file

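| File | 🔴 | 🟡 | 🔵 | Total |
|---|---|---|---|---|
| orchestrator.ts | 2 | 5 | 1 | 8 |
| llm-client.ts | 2 | 1 | 0 | 3 |
| memory.ts | 0 | 3 | 1 | 4 |
| security.ts | 0 | 3 | 0 | 3 |
| reviewer.ts | 0 | 3 | 0 | 3 |
| planner.ts | 0 | 3 | 2 | 5 |
| tester.ts | 0 | 2 | 2 | 4 |
| cost.ts | 0 | 2 | 1 | 3 |
| config.ts | 0 | 2 | 1 | 3 |
| review.ts | 0 | 2 | 0 | 2 |
| banner.ts | 1 | 2 | 0 | 3 |
| formatter.ts | 0 | 1 | 2 | 3 |
| files.ts | 0 | 1 | 0 | 1 |
| logger.ts | 0 | 0 | 1 | 1 |
| Total | 5 | 32 | 12 | 49 |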

Top patterns

  • Prompt injection — 3 agents embed user input directly into LLM prompts without sanitization
  • Triple-backtick breakout — 4 agents have code fence corruption when file content contains ```
  • Zod/TS type drift — 4 agents maintain Zod schemas independently from TypeScript types
  • Patch application — String.replace only fixes first occurrence and misinterprets $ in replacements

alavesa closed this Mar 30, 2026
alavesa deleted the add-reviewed-badge branch April 7, 2026 13:53