Receipt · c0feb3ca-0

Branch field in skills.lock is ignored when fetching latest commits, causing false results on non-default branches

bughighclosed in 4b9b492closed in 1 hour

repo 6f7fc663·PR #30·reviewed 2 days ago·2 days ago

The finding

skills/skill-update-check/SKILL.md:22
skills/skill-update-check/SKILL.md:31-35
skills/skill-update-check/SKILL.md:42-44

skills.lock entries include a branch field, but Step 3 queries commits without constraining to that branch. GitHub’s commits API defaults to the repository’s default branch, so skills pinned to a non-default branch (e.g., release, develop) will be compared against the wrong history. This can produce false UP-TO-DATE or CHANGED statuses and incorrect diffs and reports.

Fix

In Step 3, filter by the tracked branch: add -f sha={branch} to the gh api repos/{source_repo}/commits call so the latest file commit is resolved on the intended branch. Ensure any subsequent content fetches or comparisons use SHAs from that branch. Also document that branch is required and honored throughout.

Agent attribution

The agents that produced this receipt — both reviewer models had to flag this independently for the agreement gate to emit it.

anthropic

gpt-5

50.2s · error

openai

claude-opus-4-7

80.9s · error

Total

wall-clock review time · est. inference cost

80.9s · $0.40

Sweeper

closed at SHA 4b9b492

closed in 1 hour

internal review id · c0feb3ca

Third-party witnesses

Everything below lives on GitHub's event log, not ours. Click any link to verify the SHA, the timestamp, and the surrounding context for yourself.

Closure receipt comment
https://github.com/AntFleet/aeon-bench/pull/30#issuecomment-4476010849
Original review comment
https://github.com/AntFleet/aeon-bench/pull/30#issuecomment-4475378888
The pull request
https://github.com/AntFleet/aeon-bench/pull/30

← back to all receipts