Disagreement · b6cf244f-anthropic-8

leaderboard.sh inherits same jq slice injection / silent parse-error swallow

solo Opus

repo a16d2030·PR #5·reviewed 1 week ago

Opus finding

leaderboard.sh inherits same jq slice injection / silent parse-error swallow

lowmaintainabilitymedium

bankr-signals/scripts/leaderboard.sh:48-55

Same pattern as feed.sh: $LIMIT inlined into jq source. Also the `|| echo` swallows real parse errors with a generic message, hiding API schema regressions.

Recommendation

Use --argjson; remove or narrow the `|| echo` fallback so legitimate jq errors surface.

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.

read the methodology →

From the same review

These findings passed the unanimous gate on the same PR review. The disagreement above was filtered out; the findings below were posted.

mediumdocs-gap
verify-trade.sh prints “verified” without checking provider/sender match — README claim is misleading
view anatomy →

← back to all disagreements view public receipts see unanimous findings + anatomies →

Tweet ↗