Question
You're directing an AI agent to build a search feature in Python that filters records by a user-supplied keyword and an optional, user-chosen sort column, against Postgres. Write the spec that makes it injection-proof for BOTH inputs. What parameterization and identifier-handling rules do you mandate, and what acceptance criteria prove it? Then describe what a naive prompt ('build a search query from the keyword and sort column') gets wrong — including the part even parameterization doesn't fix.
Treat the AI’s output as a draft to verify, not an answer to trust. Name the specific flaw and the input that triggers it, say how you’d catch it — tests, edge cases, reading critically — and how you’d re-prompt or decompose to get it right.
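As an added illustration (not part of the exercise prompt), here is the shape a compliant answer takes in Python: the keyword is bound as a driver parameter and has its LIKE metacharacters escaped, while the sort column and direction, which cannot be parameterized, are resolved through an allowlist. The table and column names, the allowlist, and the `naive_search` counter-example are assumptions made for the demonstration; the builder returns `(sql, params)` for a DB-API driver such as psycopg and needs no database to run.

```python
# Added example, not from the prompt. Returns (sql, params) for a DB-API
# driver (e.g. psycopg); table/column names and the allowlist are assumed.
SORT_COLUMNS = {            # user-facing value -> trusted, pre-quoted identifier
    "name": '"name"',
    "created": '"created_at"',
    "price": '"price"',
}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def escape_like(keyword: str) -> str:
    """Escape LIKE metacharacters so the keyword matches literally.
    Parameterization alone does not do this: a bare '%' would match everything."""
    return (keyword.replace("\\", "\\\\")
                   .replace("%", "\\%")
                   .replace("_", "\\_"))


def build_search(keyword: str, sort: str = "name", direction: str = "asc"):
    """Keyword -> bound parameter; sort/direction -> allowlist lookup only.
    Anything not in the allowlist is rejected, never interpolated."""
    try:
        column = SORT_COLUMNS[sort.lower()]
        order = DIRECTIONS[direction.lower()]
    except KeyError:
        raise ValueError(f"unsupported sort option: {sort!r} {direction!r}") from None
    sql = ("SELECT id, name, price, created_at FROM records "
           "WHERE name ILIKE %s ESCAPE '\\' "          # %s is the driver placeholder
           f"ORDER BY {column} {order} LIMIT 100")     # identifiers come from the map
    return sql, (f"%{escape_like(keyword)}%",)


def naive_search(keyword: str, sort: str) -> str:
    """What the naive prompt tends to produce: both inputs spliced into the
    SQL text. A keyword containing a quote already breaks it, and the sort
    column is free-form SQL. Shown only as the 'before' to test against."""
    return (f"SELECT * FROM records WHERE name ILIKE '%{keyword}%' "
            f"ORDER BY {sort}")
```

Acceptance criteria follow directly: the keyword must never appear in the SQL text, only in `params`; an unlisted sort value must raise rather than reach the query; and a keyword made of wildcards must be escaped.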
Vibe coding: describe the solution in plain language (or narrate it) and the coach grades your approach. Generating runnable code from your description is coming next.