So, about those dependencies...
For the previous Rust example, some codegen reps were deliberately NOT given explicit library versions; for science. This often yielded out-of-date dependencies, some of which included (at no extra charge) CVEs. In the manual world you would presumably have used cargo audit or rote pinning, assembling the Cargo.toml to shape the build and avoid this kind of thing. Oddly enough, in the codegen world a secure software bill of materials is also an essential artifact. A security role/agent (SEC) can provide a lot of sanity checking here, by itself or via a tool call.
I found simple setup prompts seemed to more than sometimes yield snarky BOFH-style responses, which, being estimated inferences, is not a good look for our professional discourse. A more rigorous setup prompt seems to provide more neutral responses.