Anatomy · eb14fff2-0

Slack bot-message filter is inverted: BOT_ID = "null" string check rejects real users

highbugclosed in 4b9b492

repo 6f7fc663·PR #2·reviewed 1 week ago·closed 1 week ago

The vulnerable code

.github/workflows/messages.yml:105-117

105
106            for ((i=0; i<COUNT; i++)); do
107              TEXT=$(echo "$RESPONSE" | jq -r ".messages[$i].text // empty")
108              TS=$(echo "$RESPONSE" | jq -r ".messages[$i].ts // empty")
109              BOT_ID=$(echo "$RESPONSE" | jq -r ".messages[$i].bot_id // empty")
110              HAS_CHECK=$(echo "$RESPONSE" | jq -r ".messages[$i].reactions[]? | select(.name == \"white_check_mark\") | .name // empty")
111
112              if [ -n "$TEXT" ] && [ "$BOT_ID" = "null" ] && [ -z "$HAS_CHECK" ]; then
113                # Mark as processed
114                curl -s -X POST -H "Authorization: Bearer $SLACK_BOT_TOKEN" \
115                  -H "Content-Type: application/json" \
116                  -d "$(jq -n --arg ch "$SLACK_CHANNEL_ID" --arg ts "$TS" \
117                    '{channel: $ch, timestamp: $ts, name: "white_check_mark"}')" \

The reasoning

Opus

Slack bot-message filter is inverted: BOT_ID = "null" string check rejects real users

highbughigh

.github/workflows/messages.yml:105-117

`jq -r '.bot_id // empty'` outputs the empty string when `bot_id` is absent (i.e., the message is from a real user), and outputs the actual bot id string when it is a bot. The code then checks `[ "$BOT_ID" = "null" ]` to admit the message. This condition is never true for user messages (where BOT_ID is empty) and never true for bot messages (where BOT_ID is a non-null id), so the Slack branch effectively never dispatches anything. The intent (per comments) is to skip bot messages, so the check should be `[ -z "$BOT_ID" ]`. The Telegram and Discord branches are correctly written, so this is an inconsistency that silently disables Slack ingestion.

Recommendation

Change the guard to `[ -z "$BOT_ID" ]` (consistent with the Telegram chat-id check pattern). Also use `jq -r '.bot_id // ""'` consistently and verify with a unit-style shell test.

GPT-5

Slack messages never processed due to incorrect bot_id null check

mediumbughigh

.github/workflows/messages.yml:106-113

jq -r with // empty yields an empty string for missing bot_id on user messages, never the literal string "null". The condition [ "$BOT_ID" = "null" ] is always false for normal user messages, so no Slack messages are ever processed or marked.

Recommendation

Treat user messages as those without a bot_id by checking for empty BOT_ID, e.g.: - Change condition to: if [ -n "$TEXT" ] && [ -z "$BOT_ID" ] && [ -z "$HAS_CHECK" ]; then Or set BOT_ID with jq -r '.messages[$i].bot_id? // empty' and use the same empty check.

The agreement

Both frontier models flagged this within the same line range. AntFleet's unanimous gate fired — the finding posted on the PR. Closed in 4b9b492.

The fix

105          # --- Parse aeon.yml ---
106          declare -A SKILL_ENABLED SKILL_SCHEDULE SKILL_VAR
107          SKILL_ORDER=()
108          CURRENT_SKILL=""
109          while IFS= read -r line; do
110            # Inline format: skill-name: { enabled: true, schedule: "..." }
111            if [[ "$line" =~ ^\ \ ([a-zA-Z0-9_-]+):\ *\{(.+)\} ]]; then
112              CURRENT_SKILL="${BASH_REMATCH[1]}"
113              INLINE="${BASH_REMATCH[2]}"
114              SKILL_ORDER+=("$CURRENT_SKILL")
115              [[ "$INLINE" =~ enabled:\ *true ]] && SKILL_ENABLED["$CURRENT_SKILL"]="true" || SKILL_ENABLED["$CURRENT_SKILL"]="false"
116              [[ "$INLINE" =~ schedule:\ *\"([^\"]+)\" ]] && SKILL_SCHEDULE["$CURRENT_SKILL"]="${BASH_REMATCH[1]}"
117              [[ "$INLINE" =~ var:\ *\"([^\"]+)\" ]] && SKILL_VAR["$CURRENT_SKILL"]="${BASH_REMATCH[1]}"

Closure

Closed 1 week ago

SHA: 4b9b49251c8c9808bf147d55aa2930352af2e8c0

View closure receipt on GitHub →

Tweet thread template

tweet 1 of 8165 / 280

Two frontier models reviewed PR #2 on 6f7fc663. Both found this bug: high bug: Slack bot-message filter is inverted: BOT_ID = "null" string check rejects real users

tweet 2 of 8124 / 280

The vulnerable code (.github/workflows/messages.yml:105-117): (full snippet at https://www.antfleet.dev/anatomy/eb14fff2-0)

tweet 3 of 8280 / 280

What Opus saw: "`jq -r '.bot_id // empty'` outputs the empty string when `bot_id` is absent (i.e., the message is from a real user), and outputs the actual bot id string when it is a bot. The code then checks `[ "$BOT_ID" = "null" ]` to admit the message. This condition is neve…

tweet 4 of 8261 / 280

What GPT-5 saw: "jq -r with // empty yields an empty string for missing bot_id on user messages, never the literal string "null". The condition [ "$BOT_ID" = "null" ] is always false for normal user messages, so no Slack messages are ever processed or marked."

tweet 5 of 897 / 280

Both flagged the same line range. AntFleet's unanimous gate fired — the finding posted on the PR.

tweet 6 of 893 / 280

The fix landed in commit 4b9b492: (view diff at https://www.antfleet.dev/anatomy/eb14fff2-0)

tweet 7 of 881 / 280

AntFleet reviews every PR with two frontier models. Only unanimous findings post.

tweet 8 of 877 / 280

Full anatomy + reasoning + diffs: https://www.antfleet.dev/anatomy/eb14fff2-0

Paste into X composer one tweet at a time. X has no multi-tweet intent API.

view receipt →all receipts →view disagreements →case studies →