Review: Simon Willison's Agentic Engineering Practices Turned Into Testing, Sandboxing, Prompt-Injection, and Secret-Handling...

Simon Willison's recent Agentic Engineering Patterns guide is valuable because it is not promising magic. It is mostly operational discipline: run tests first, use red/green TDD when possible, do real manual testing, keep reviewable changes small, and treat prompt injection as a live systems-design problem instead of a prompt-writing problem. For Drupal and WordPress teams, that translates into a workable rule set for plugin, theme, and module development. The right takeaway is not "let agents code more." It is "make agent output pass through tighter engineering boundaries than human output would have needed a year ago." What Simon Willison Is Actually Arguing Across the guide and related security posts, four ideas matter most: start with the existing test suite so the agent learns the project's safety rails early; use test-first or red/green loops when introducing new behavior; use browser-based manual testing for real interfaces, not just unit tests; assume prompt injection remains u