AntFleet

Disagreement · a255f8b5-anthropic-5

Status page leaks no secrets — but instruction relies on LLM discipline only

solo Opus
repo 6f7fc663 · PR #6 · reviewed 1 week ago

Opus finding

Status page leaks no secrets — but instruction relies on LLM discipline only

low · security · low
  • skills/heartbeat/SKILL.md:128-130
Sensitive data exclusion is enforced only by a natural-language rule directed at the LLM running the skill. Since `last_error` text from cron-state.json is included in the rendered status page (per P0 and skill table), and `last_error` is populated by arbitrary skill failures, a skill whose error message embeds an API key, request URL with token, or stack trace fragment would be published verbatim on a public page. There's no scrubber.

Recommendation

Either (a) explicitly forbid rendering `last_error` on the public page (keep it only in private logs), or (b) add a sanitizer that strips URLs/tokens/long hex strings from error signatures before they hit docs/status.md.
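
Option (b) as an added example, not code from the reviewed repository or from the finding: a Python scrubber that reduces `last_error` to a one-line signature and replaces URLs, credential-style pairs, long hex runs and long opaque tokens with placeholders before anything is rendered. The names `scrub_error` and `public_errors`, the placeholder strings, and the cron-state layout in the sample are assumptions.

```python
import re

# Applied in order; each match is replaced by a fixed placeholder.
_RULES = [
    # Whole URLs, so query-string tokens and internal hostnames go with them.
    (re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s'\"<>]+", re.I), "[url]"),
    # Authorization header values.
    (re.compile(r"\b(bearer|basic)\s+[A-Za-z0-9._~+/=-]{8,}", re.I), r"\1 [redacted]"),
    # name=value or name: value where the name ends in a credential word.
    (re.compile(r"\b([\w-]*(?:key|token|secret|passw(?:or)?d))(\s*[=:]\s*)"
                r"[\"']?[^\s\"',;]+[\"']?", re.I), r"\1\2[redacted]"),
    # Long hex runs: digests, session ids, hex-encoded keys.
    (re.compile(r"\b[0-9a-f]{16,}\b", re.I), "[hex]"),
    # Long opaque runs mixing letters and digits (base64url-style tokens).
    (re.compile(r"\b(?=[\w-]*\d)(?=[\w-]*[A-Za-z])[\w-]{24,}\b"), "[token]"),
]


def scrub_error(text, max_len=160):
    """Reduce an error string to a one-line, redacted signature."""
    if not text:
        return ""
    # Keep only the first non-empty line, which drops stack-trace bodies.
    lines = [ln.strip() for ln in str(text).splitlines() if ln.strip()]
    line = lines[0][:2000] if lines else ""  # bound regex work on huge inputs
    for pattern, placeholder in _RULES:
        line = pattern.sub(placeholder, line)
    # Truncate last, so the redaction rules see whole values.
    return line if len(line) <= max_len else line[: max_len - 3] + "..."


def public_errors(cron_state):
    """Map each skill name to the scrubbed last_error that may be rendered."""
    return {name: scrub_error(entry.get("last_error"))
            for name, entry in cron_state.items()}


# Constructed sample; the real cron-state.json layout is an assumption.
SAMPLE_STATE = {
    "fetch-feed": {"last_error": "HTTPError: 401 for "
                   "https://api.example.test/v1/feed?access_token=abc123def456"},
    "sync": {"last_error": "auth failed: api_key=EXAMPLEKEY0000 "
             "Authorization: Bearer aaaa.bbbb.cccc1234"},
    "digest": {"last_error": "checksum mismatch 9f86d081884c7d659a2feaa0c55ad015\n"
               "  File \"run.py\", line 3"},
    "ok": {"last_error": None},
}

if __name__ == "__main__":
    for name, err in public_errors(SAMPLE_STATE).items():
        print(f"{name}: {err or '-'}")
```

Pattern-based redaction can miss short or unusually formatted secrets, so option (a), keeping `last_error` out of the public page entirely, remains the stricter control.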

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.

From the same review

These findings passed the unanimous gate on the same PR review. The disagreement above was filtered out; the findings below were posted.