This is a classic anchoring failure. The LLM read the request, framed the risk space ("looks like cleanup is needed"), and the human didn't challenge that framing before it acted.

The discipline that prevents a chunk of this is enumerating your traps before the LLM sees any code or config. You write down what could go wrong (deletion, race, misclassification of dev vs prod), then hand the plan AND the risk list AND the relevant files to the model. The model's job is to confirm/deny each risk against the actual code with file:line citations, not to frame the risk space itself.

Pre-implementation. Anchoring defense. The opposite of "vibe coding."