Disagreement · cdf9ffa0-anthropic-3

Spend cap message uses literal `${TODAY_SPEND}` interpolation that double-prefixes dollar signs and is shell-fragile

solo Opus

repo 6f7fc663·PR #4·reviewed 1 week ago

Opus finding

Spend cap message uses literal `${TODAY_SPEND}` interpolation that double-prefixes dollar signs and is shell-fragile

lowmaintainabilityhigh

scripts/postprocess-admanage.sh:72

The escape `\$${TODAY_SPEND}` is intended to render a literal `$` followed by the value, but if TODAY_SPEND were ever empty/whitespace (e.g., from a failed jq filter), the message renders as `today=$ cap=$50` which is confusing. Combined with the silent failure mode above, the operator gets a misleading number rather than a hard error.

Recommendation

Build the message with printf and only after validating both values are numeric.

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.

read the methodology →

From the same review

These findings passed the unanimous gate on the same PR review. The disagreement above was filtered out; the findings below were posted.

← back to all disagreements view public receipts see unanimous findings + anatomies →

Tweet ↗