Code Room
Vibe codingHardvc-g301
Subject Ai collaborationLevel Senior–Staff~20 minCommon in Security interviewsIndustries Software development

Question

A talented junior pairs with you and, with the agent's help, builds a Python Flask endpoint that lets users export their data as a file. The agent's code takes a user-supplied filename and writes/serves a file from a reports directory. The junior is impressed and ready to ship; the tests pass. You spot that the filename flows into a path without sanitization. How do you handle the pairing moment, name the precise vulnerability, and use it to recalibrate the junior's trust in agent output for security-sensitive code?

What a strong answer looks like

Treat the AI’s output as a draft to verify, not an answer to trust. Name the specific flaw and the input that triggers it, say how you’d catch it — tests, edge cases, reading critically — and how you’d re-prompt or decompose to get it right.

Describe your solution

Vibe coding: describe the solution in plain language (or narrate it) and the coach grades your approach. Generating runnable code from your description is coming next.

Run or narrate your approach, then ask the coach.