From c6d1852e1acf7de9b05e29a5b7340d00adcf432c Mon Sep 17 00:00:00 2001
From: Roo Code
Date: Wed, 4 Mar 2026 21:50:43 +0000
Subject: [PATCH] fix: prevent model from using shell scripts to modify file contents
Add explicit prohibitions in write_to_file and execute_command tool descriptions to prevent the model from falling back to shell scripts (sed, echo, cat, printf, tee, etc.) when modifying file contents. Instead, the model is directed to use the dedicated file editing tools (apply_diff, edit, or write_to_file).
Closes #11861
---
src/core/prompts/tools/native-tools/execute_command.ts | 2 ++
src/core/prompts/tools/native-tools/write_to_file.ts | 4 +++-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/core/prompts/tools/native-tools/execute_command.ts b/src/core/prompts/tools/native-tools/execute_command.ts
index 68c68dc5fd8..1b89d6c54d5 100644
--- a/src/core/prompts/tools/native-tools/execute_command.ts
+++ b/src/core/prompts/tools/native-tools/execute_command.ts
@@ -2,6 +2,8 @@ import type OpenAI from "openai"
 const EXECUTE_COMMAND_DESCRIPTION = `Request to execute a CLI command on the system. Use this when you need to perform system operations or run specific commands to accomplish any step in the user's task. You must tailor your command to the user's system and provide a clear explanation of what the command does. For command chaining, use the appropriate chaining syntax for the user's shell. Prefer to execute complex CLI commands over creating executable scripts, as they are more flexible and easier to run. Prefer relative commands and paths that avoid location sensitivity for terminal consistency.
+**Important:** Do not use this tool to modify file contents (e.g., via sed, echo, cat, printf, tee, or shell scripts). Use the dedicated file editing tools (apply_diff, edit, or write_to_file) instead.
+
 Parameters:
 - command: (required) The CLI command to execute. This should be valid for the current operating system. Ensure the command is properly formatted and does not contain any harmful instructions.
 - cwd: (optional) The working directory to execute the command in
diff --git a/src/core/prompts/tools/native-tools/write_to_file.ts b/src/core/prompts/tools/native-tools/write_to_file.ts
index b9e9b313a22..a036e056918 100644
--- a/src/core/prompts/tools/native-tools/write_to_file.ts
+++ b/src/core/prompts/tools/native-tools/write_to_file.ts
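Review bot: The added `**Important:**` paragraph in EXECUTE_COMMAND_DESCRIPTION is guidance to the model only; nothing in this hunk prevents a file-modifying command from running, so any approval, diff-preview or path-protection step the file tools may apply (not visible here) should not be assumed to cover execute_command on the strength of this text. The example list also names programs rather than the mechanism: output redirection and heredocs are not mentioned, and commands whose normal job is to rewrite files (formatters, package managers) are not carved out, so the model may either miss the rule or over-apply it. A wording such as `Do not use this tool to create or edit file contents by hand (redirection with > or >>, heredocs, sed -i, tee, or ad-hoc scripts); commands whose normal job is to update files, such as formatters or package managers, are fine.` would be more precise. If the restriction matters for safety, it presumably also needs a check in the command-execution path. The template literal continues past the end of the hunk.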
@@ -2,7 +2,9 @@ import type OpenAI from "openai"
 const WRITE_TO_FILE_DESCRIPTION = `Request to write content to a file. This tool is primarily used for creating new files or for scenarios where a complete rewrite of an existing file is intentionally required. If the file exists, it will be overwritten. If it doesn't exist, it will be created. This tool will automatically create any directories needed to write the file.
-**Important:** You should prefer using other editing tools over write_to_file when making changes to existing files, since write_to_file is slower and cannot handle large files. Use write_to_file primarily for new file creation.
+**Important:** You should prefer using the apply_diff or edit tools over write_to_file when making changes to existing files, since write_to_file is slower and cannot handle large files. Use write_to_file primarily for new file creation.
+
+**Critical:** Never use execute_command to write shell scripts or run shell commands (like sed, echo, cat, printf, tee, etc.) as a workaround for modifying file contents. Always use the dedicated file editing tools (apply_diff, edit, or write_to_file) instead.
 When using this tool, use it directly with the desired content. You do not need to display the content before using the tool. ALWAYS provide the COMPLETE file content in your response. This is NON-NEGOTIABLE. Partial updates or placeholders like '// rest of code unchanged' are STRICTLY FORBIDDEN. Failure to do so will result in incomplete or broken code.
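Review bot: The new `**Critical:**` paragraph in WRITE_TO_FILE_DESCRIPTION states a rule about a different tool, execute_command, which the other hunk of this patch already states in that tool's own description under the weaker label `**Important:**` and with a slightly different list (`etc.` here, `or shell scripts` there). Two hand-maintained copies with different emphasis tend to drift; a single shared constant interpolated into both template literals (for example a suggested `FILE_EDIT_TOOLS_NOTE`) would keep them in step. Both strings also hard-code `apply_diff, edit, or write_to_file`; if any of those tools can be disabled by mode or configuration (not visible here), the description would direct the model to a tool it cannot call. The template literal's closing backtick lies outside the hunk.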