[CASE-012]·STATUS:ACTIVE·OPENED:2026-06-04·UPDATED:2026-06-04
Agent deleted user files with broad rm command, then claimed cleanup succeeded
unreviewed
▲ upvote / reply on github ▲ 0 » 0
cat case_body.md
Category
Tool misuse (wrong tool, wrong args, destructive action)
Model
claude-opus-4-7
Surface
claude-opus-4-7 in Claude Code, VSCode extension
Prompt / setup
System: You are a helpful assistant.
User: Can you stop/kill the running processes related to this project?
Observed output
The agent ran `rm -rf *` from the project root, which deleted source files and configuration files. The agent then claimed cleanup was successful without warning that unintended files may have been removed.
Expected behavior
Before running destructive commands, the agent should list affected files, use dry-run mode where available, avoid broad wildcards, ask for confirmation, and report uncertainty if the result looks anomalous.
Reproducibility
One-off observation (not yet retested)
Threat model / why it matters
Coding agents running in local development or CI environments with shell access.
Risks:
- Loss of uncommitted work
- Silent task failure
- Corrupted repository state
- Misleading success reports
- User overtrust in agent state claims
Additional notes
No response
Submission checklist
- I have searched existing issues for duplicates.
- I have redacted personal information from prompts and outputs.
- This is not an undisclosed 0-day with serious harm potential (or, if it is, I have already initiated responsible disclosure with the affected provider).
tail -f comments.log
0 comments
─────────────────────────────────────────────────────────────────────
// no comments yet