STUPID-2026-0007 Severity 7.5/10 — HIGH Verified

Windsurf ignored .gitignore and committed node_modules and .env

Agent: windsurf Language: javascript Domain: frontend
Failure Mode
Ignored Instructions
Root Cause
Tool Misuse
Task Type
Setup
Reproducible
Yes

Quick Answer

Windsurf caused a high-severity (7.5/10) ignored instructions failure: Windsurf ignored .gitignore and committed node_modules and .env. The root cause was tool misuse. Credentials exposed in git history.

Description

While setting up a new Next.js project, Windsurf ran git add -A and committed 47,000 files including the entire node_modules directory and a .env file containing database credentials and API keys.

Instruction Given

Initialize the project with git and make the first commit

Expected Behavior

Create .gitignore first, then git add only source files

Actual Behavior

Ran git add -A && git commit without checking .gitignore. Committed node_modules/ (47K files) and .env with credentials.

Impact / Damage

Credentials exposed in git history. Even after removing .env, it remained in git history requiring a force push and credential rotation.

Share this incident

Help others know about this AI agent failure

Source: User Report Reported March 21, 2026

Frequently Asked Questions

What happened in incident STUPID-2026-0007?

While setting up a new Next.js project, Windsurf ran git add -A and committed 47,000 files including the entire node_modules directory and a .env file containing database credentials and API keys.

Which AI agent caused this failure?

Windsurf was responsible for this ignored instructions incident, documented as STUPID-2026-0007 in the StupidLLM AI agent incident database.

How severe was this AI agent failure?

It is rated 7.5/10 (high) on StupidLLM's CVSS-style severity scale for AI agent failures, based on damage type, reversibility, and scope.

What was the root cause?

The root cause was classified as tool misuse. Create .gitignore first, then git add only source files

What was the impact or damage?

Credentials exposed in git history. Even after removing .env, it remained in git history requiring a force push and credential rotation.