AntFleet

Disagreement · 1a8e53aa-anthropic-4

`OPERATOR_AUTHORED` derived from comparing enabled-skill names to parent `skills/` directory listing is unreliable

solo Opus
repo 6f7fc663·PR #21·reviewed 1 week ago

Opus finding

`OPERATOR_AUTHORED` derived from comparing enabled-skill names to parent `skills/` directory listing is unreliable

lowbugmedium
  • skills/contributor-spotlight/SKILL.md:163-168
`PARENT_REPO` is referenced but never defined earlier in the spec. Also `gh api .../contents/skills` paginates at 1000 entries; the parent has many skills (visible in `aeon.yml`). Listing parent skills only by directory name compared to enabled keys may produce false positives (e.g. skill renamed upstream) or false negatives (skill imported with same name from a third party). The newsworthy claim "operator-authored or operator-imported novel skills" depends on this comparison being correct; getting it wrong produces public recognition posts that misattribute authorship — a reputational/social bug worth fixing.

Recommendation

Define `PARENT_REPO` explicitly (probably from `git config --get remote.upstream.url` or a known constant). Cross-check operator-authored skills by reading the fork's `skills/<name>/SKILL.md` and confirming it does not exist upstream (or hashes differ). Note in the article that the marking is heuristic.

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.

read the methodology →
← back to all disagreementsview public receiptssee unanimous findings + anatomies →
Tweet ↗