/commit skill performs unsolicited code edits when project instructions mention linting

Resolved 💬 1 comment Opened May 7, 2026 by sakal-s Closed Jun 5, 2026

Summary

When invoking the /commit skill in a project whose AGENTS.md (or CLAUDE.md) instructs running yarn lint before committing, Claude pulls that instruction into the /commit flow, runs the linter, and then modifies source files to fix lint errors before committing — without asking the user.

The /commit skill definition does not include linting or auto-fixing. It only specifies: status/diff/log → stage → commit → verify.

Repro

  1. Project has an AGENTS.md with: "Run yarn lint in each Yarn project where you modified files after you're done (before committing)".
  2. User has a global rule: "Only do what is explicitly asked. Don't proactively edit/fix."
  3. User runs /commit with unrelated staged/unstaged changes.
  4. Claude runs yarn lint, lint fails on an unused import in a file the user did edit, Claude edits the file to remove the import, re-runs lint, then commits — including the unsolicited edit.

Expected

/commit should only stage and commit the user's existing changes. If project rules require lint/tests, surface the failure and stop. Do not modify source files unprompted.

Why this is a bug, not just a prompt issue

  • The /commit skill is a defined, scoped procedure. Claude expanded its scope by merging in unrelated project-level instructions.
  • A direct user rule forbidding proactive edits was overridden by a project-level instruction that did not actually request edits — only that lint be run.
  • The result is an unauthorized commit on the user's branch under their git identity.

Environment

  • Claude Code CLI
  • Model: claude-opus-4-7 (1M context)
  • macOS (darwin 25.3.0)

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗