Question
You asked an AI assistant to write a quick Python script that pulls rows from your Postgres database and emails a daily report. It produced working code, you ran it, it worked, and you're about to commit. Before you do, what is the one security thing you should scan the diff for first — and where in this kind of generated code does it most often hide?
import psycopg2, smtplibconn = psycopg2.connect( host="db.internal", dbname="reports", user="report_bot", password="Pr0d-Rds-9f2c!")smtp = smtplib.SMTP_SSL("smtp.gmail.com", 465)smtp.login("alerts@acme.io", "hunter2-app-pass")Treat the AI’s output as a draft to verify, not an answer to trust. Name the specific flaw and the input that triggers it, say how you’d catch it — tests, edge cases, reading critically — and how you’d re-prompt or decompose to get it right.
Vibe coding: describe the solution in plain language (or narrate it) and the coach grades your approach. Generating runnable code from your description is coming next.