AntFleet

Disagreement · 18907f89-anthropic-1

Quality-score validation lets non-numeric scores leak past `-lt`/`-gt` test, masking parse failures

solo Opus
repo 6f7fc663 · PR #31 · reviewed 1 week ago

Opus finding

Quality-score validation lets non-numeric scores leak past `-lt`/`-gt` test, masking parse failures

low · bug · high
  • .github/workflows/aeon.yml:449-453
  • .github/workflows/aeon.yml:471-476
If Claude returns a fractional score like 4.5 or a string, `[ "$SCORE" -lt 1 ]` will error (and the `2>/dev/null` swallows the error so the branch is not entered), leaving SCORE as the original non-integer value. That value is then passed to `jq --argjson s "$SCORE"` and pushed into history; a non-numeric SCORE will crash jq and fail this step (`set -e` is not in effect here, but downstream consumers in `skill-health/<skill>.json` will be poisoned). Worse, the `2>/dev/null` hides the test failure so the validation silently no-ops. A trailing space or `4.5` slips through.

Recommendation

Coerce SCORE to an integer explicitly (`SCORE=$(printf '%.0f' "$SCORE" 2>/dev/null || echo 0)`) and validate with a regex before using `-lt`/`-gt`. Remove the misleading `2>/dev/null` on the test.
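The weak check the finding describes, beside a hardened version, as an added example that is not code from the PR under review. The 1-5 score range, the `weak_validate`/`strict_validate` names and the "print the value that would reach `jq`" shape are assumptions for illustration:

```shell
# Added example, not the workflow's own code. Both functions take a raw
# score string and print the value that would reach `jq --argjson`.
# The accepted range (1-5) is assumed; the finding only shows `-lt 1`.

# Weak: the pattern the finding describes. On a non-integer, `[` fails
# with "integer expression expected", the redirect hides that error,
# the branch never fires, and the original string passes through.
weak_validate() {
  SCORE="$1"
  if [ "$SCORE" -lt 1 ] 2>/dev/null || [ "$SCORE" -gt 5 ] 2>/dev/null; then
    SCORE=0
  fi
  printf '%s\n' "$SCORE"
}

# Hardened: require a plain decimal integer before any -lt/-gt test,
# then clamp to the range. Prints 0 and returns 1 on fractions, stray
# whitespace, words or an empty string, so the caller can log the
# parse failure instead of pushing garbage into history. Negative
# values are rejected as well, since a score is never negative.
strict_validate() {
  score="$1"
  case "$score" in
    ''|*[!0-9]*) printf '0\n'; return 1 ;;
  esac
  if [ "$score" -lt 1 ] || [ "$score" -gt 5 ]; then
    printf '0\n'; return 1
  fi
  printf '%s\n' "$score"
}
```

Run `strict_validate "$SCORE"` in place of the inline test and check its exit status; the test failure is no longer hidden, and only an integer in range is ever handed to `jq`.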

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.
