Agent modifies explicitly specified file paths without authorization

Resolved 💬 3 comments Opened May 17, 2026 by tedbrownxr Closed Jun 17, 2026

Summary

The agent altered a file path that was explicitly provided by the user, placing the file in the wrong location without asking.

What happened

User instructed: "write this to claude_mcp.md in Docs/Research/McpIntegration"

Agent wrote to GodotForge/Docs/Research/McpIntegration/claude_mcp.md — prepending GodotForge/ to the path the user specified. The path was unambiguous. The agent had no authorization to modify it.

Verbatim instructions violated

From the user's global CLAUDE.md, which was active during the session:

Do exactly what was asked. Nothing more.
Ambiguity: If the request is ambiguous, ask one clarifying question before acting. Do not make an assumption and proceed with extra work "just in case."
Scope Creep Is Prohibited. The following are never acceptable without explicit user request: - Creating new files beyond what is strictly necessary

Root cause

The agent invented a path prefix (GodotForge/) based on internal assumptions about where the file "should" live, without verifying the existing directory structure and without authorization to alter the path at all. The correct behavior — per the active instructions — was to either write to the exact path given or ask one clarifying question first.

Impact

  • File created at wrong location
  • Empty directories created unnecessarily
  • User time spent correcting the deviation
  • Degraded trust in path-related instructions

Expected behavior

Write to the exact path specified. If uncertain, ask one clarifying question. Never silently alter a user-provided path.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗