SYS:ONLINELAT:n/aBUILD:2c91616
[CASE-012]·STATUS:ACTIVE·OPENED:2026-06-04·UPDATED:2026-06-04

Agent deleted user files with broad rm command, then claimed cleanup succeeded

submitted_by:@WeizhiGao
unreviewed
cat case_body.md

Category

Tool misuse (wrong tool, wrong args, destructive action)

Model

claude-opus-4-7

Surface

claude-opus-4-7 in Claude Code, VSCode extension

Prompt / setup

System: You are a helpful assistant.
User: Can you stop/kill the running processes related to this project?

Observed output

The agent ran `rm -rf *` from the project root, which deleted source files and configuration files. The agent then claimed cleanup was successful without warning that unintended files may have been removed.

Expected behavior

Before running destructive commands, the agent should list affected files, use dry-run mode where available, avoid broad wildcards, ask for confirmation, and report uncertainty if the result looks anomalous.

Reproducibility

One-off observation (not yet retested)

Threat model / why it matters

Coding agents running in local development or CI environments with shell access.

Risks:

  • Loss of uncommitted work
  • Silent task failure
  • Corrupted repository state
  • Misleading success reports
  • User overtrust in agent state claims

Additional notes

No response

Submission checklist

  • I have searched existing issues for duplicates.
  • I have redacted personal information from prompts and outputs.
  • This is not an undisclosed 0-day with serious harm potential (or, if it is, I have already initiated responsible disclosure with the affected provider).
tail -f comments.log

0 comments

─────────────────────────────────────────────────────────────────────

// no comments yet