Opus finding
CAPYBARA_SYSTEM_PROMPT uses ${...} placeholders inside a non-interpolated template literal
mediumbughigh
- src/config.ts:63-113
The prompt is declared with a backtick template literal but the leading `\` escape disables nothing for `${...}` — in JS, `${...}` inside an un-escaped template literal is still interpolated. Because MAX_CORRECTION_RETRIES and MEMORY_MAX_LINES are not in scope at template evaluation, this would throw a ReferenceError at module load. Actually those are in scope (same file, declared above), so they ARE interpolated to '2' and '100'. The bug: the prompt is then sent to the model as literal numbers ('You have a maximum of 2 correction attempts'). If a maintainer later changes the constants OR removes them, the prompt silently changes or fails to load. Worse, the comment '// ── The Leaked "Capybara" System Prompt ──' implies static text; future contributors may add `${something}` not realizing it will be interpolated and could crash module init or leak local values. Confirm by inspection: backslash-newline at start does not escape `$`.
Recommendation
Either: (a) use a regular string with explicit String.raw or concatenation so `${...}` are literal characters, or (b) use String.raw`...` if the placeholders are intentional template syntax for downstream interpolation, or (c) build the prompt with explicit ${MAX_CORRECTION_RETRIES} concatenation and document it.