AntFleet

Disagreement · 50084e99-anthropic-3

Misleading comment: 'Validate skill name to prevent injection' under-describes what is actually validated

solo Opus
repo 6f7fc663·PR #1·reviewed 1 week ago

Opus finding

Misleading comment: 'Validate skill name to prevent injection' under-describes what is actually validated

lowdocs-gapmedium
  • dashboard/app/api/skills/[name]/run/route.ts:14-16
The comment frames the regex as anti-injection, but because `execFile` (not `exec`) is used, shell injection is already impossible regardless of the regex. The regex is really an allow-list on skill identifiers (used as a workflow input). The comment may mislead future maintainers into removing `execFile` in favor of `exec` believing the regex protects them. Also, `var` and `model` sanitization strips characters silently rather than rejecting bad input, which can produce a subtly different value than the user submitted (e.g., a model name like `gpt-4o:latest` becomes `gpt-4olatest`).

Recommendation

Either reject invalid input with 400 (preferred, symmetric with skill-name handling) or update the comment to clarify these are input allow-lists, not shell-injection defenses, and that `execFile` is the actual barrier.

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.

read the methodology →

From the same review

These findings passed the unanimous gate on the same PR review. The disagreement above was filtered out; the findings below were posted.

← back to all disagreementsview public receiptssee unanimous findings + anatomies →
Tweet ↗