Question
You're directing an AI agent to write a Python regex-based check that decides whether an uploaded filename is 'safe' (no path traversal, no control characters) before the server writes it to disk. Write the spec that makes the check actually safe. What anchoring, character-class, and unicode/multiline constraints do you mandate, and what acceptance criteria prove a malicious name is blocked? Then describe what a naive prompt ('regex to validate a safe filename') gets dangerously wrong.
Treat the AI’s output as a draft to verify, not an answer to trust. Name the specific flaw and the input that triggers it, say how you’d catch it — tests, edge cases, reading critically — and how you’d re-prompt or decompose to get it right.
Vibe coding: describe the solution in plain language (or narrate it) and the coach grades your approach. Generating runnable code from your description is coming next.