u/Slow-Artichoke-4245

Been using Cursor/Claude Code a lot lately and one thing I keep noticing: the code often runs correctly, so it feels production-ready on first pass.
But when you slow down, there are small things hiding underneath:
- missing validation on inputs
- error handling that leaks too much detail
- auth checks that work in the happy path but miss edge cases
- frontend checks that should really be enforced on the backend
Curious what others have seen. What’s the most subtle bug or security issue AI-generated code gave you that initially looked totally fine?

PS: over the months my skill files have also gotten messy and agents conveniently ignore it. Is it just me 🤯