[MODEL] Claude-sonnet-4-6 making decisions that are harmful to end user unilaterally
This issue previously contained personal information and has been redacted by the author.
Summary of the behavior being reported: When given an underspecified request to create content (e.g., "create a page behind a login"), Claude Code may infer the content from accumulated conversation/memory context and write it into a file, commit it to version control, and deploy it — without first asking the user what content should be included. When the inferred content includes personal data, that data ends up committed and/or deployed without explicit, purpose-specific consent.
Expected behavior: Claude should create the requested structure (empty/placeholder), then ask what content to include before writing anything — especially personal or sensitive data — and before committing or deploying.
Risk mappings: OWASP LLM 2025 (LLM06 Excessive Agency, LLM02 Sensitive Information Disclosure); OWASP Agentic 2026 (Memory & Context Persistence).
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗