AntFleet

Disagreement · 42eb81fe-anthropic-3

BAD_VAR regex rejects legitimate GitHub usernames/repo names containing additional valid characters

solo Opus
repo 6f7fc663 · PR #12 · reviewed 1 week ago

Opus finding

low · api-contract · medium
  • skills/v4-readiness/SKILL.md:127-131
GitHub repository slugs are owner/repo where owner can be a user or organization. The regex is largely correct, but the SKILL.md description at the top mentions accepting `owner/repo#N` as a one-shot form for similar skills (pr-triage). v4-readiness explicitly does not need #N; however, the BAD_VAR branch will silently log+exit for anything not matching — operators who paste `owner/repo ` with a trailing space, or quote the value, will see no article and no notification. There is no user-facing diagnostic.

Recommendation

Trim whitespace from ${var} before matching, and on BAD_VAR send a one-line notification (or surface via skill-health) so the operator learns the input was rejected. At minimum, document explicitly that BAD_VAR is silent.

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.