I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS – this seems silly, but I’ve seen similar (shorter) messages in human codebases and they work.
“Be careful not to introduce security vulnerabilities such as...” – fine
Claude can be used for pentesting – fine
Environment variable for user type with elevated privileges – bad, but unfortunately common
Regex for swear words – seems fine, it’s cheaper than an LLM call, and not actually important enough to deserve one
Subagent to verify another agent’s run – actually good, and the author seems to be misunderstanding why it’s useful
Prompting the model to use a tool call – seems fine? My guess is that this was initially more hardcoded, and when the models got better they found it more effective to switch to an LLM call. And the prompt will likely result in the model debugging if something goes wrong, which is helpful
Long LLM comment – IMO a genuinely helpful comment
Reading the whole file instead of just validating the bytes – this genuinely seems inefficient and wasteful
Several cases of code duplication in slightly different styles – clunky and messy, and one of the big problems with LLM code
System reminder mechanism – seems pretty sketchy
Image example – clunky and messy
So I would say 5⁄12 of his comments point to real problems