How to stop Gemini 3 Pro from aggressively rewriting code without permission?

Hi everyone,

I wanted to discuss a highly frustrating and destructive behavior with Gemini 3 Pro when using it inside AI code editors. The model is far too aggressive with unsolicited code changes, which is directly leading to wasted tokens and lost work.

Here is the exact scenario that keeps happening:

1. I ask the AI to generate a large chunk of code (burning a significant amount of tokens).

2. The generated code sits in the editor as a pending change (diff view), and I am currently reading and reviewing it before hitting “Accept”.

3. While reviewing, I ask the AI a simple follow-up question (e.g., to explain a specific logic or analyze a line within that pending block).

4. Instead of just answering the question in the chat, Gemini aggressively attempts to edit or refactor the code again.

This creates a massive problem: If I hit “Reject” to cancel Gemini’s unsolicited edits, it wipes out the entire pending block of code that I just spent tokens to generate. I lose all that work and have to start over.

To try and fix this, I’ve heavily utilized strict system prompts and slash commands to explicitly force it into a “read-only/analyze” mode, but the situation hasn’t improved. The model frequently ignores these constraints and acts out of bounds anyway.

For comparison, Opus 4.6 handles this flawlessly. It is incredibly obedient and context-aware. I don’t even need strict system prompts or slash commands; just feeding it the project context once is enough. It reads the code, answers my questions, and entirely respects the pending state without trying to overwrite my diffs for the entire session.

Has anyone else experienced Gemini destroying their pending changes like this? Are there any foolproof prompt tricks or settings to strictly lock down its actions in these scenarios?

Would love to hear your thoughts!

Every time I run out of Opus or Sonnet usage, I invoke “/gemini-safe” mode in every prompt. I created a skill. Because of how drastic the difference is: —

name: gemini-safe

description: Universal Gemini 3.1 Pro safety & scope enforcer. Layers cleanly on top of any other skills. Prevents over-eager edits while allowing true autonomy when triggered.

-–

# GEMINI-SAFE SKILL (Gemini 3.1 Pro Optimized)

You are now running under **gemini-safe**. This is the top-level constraint layer that activates alongside any other skills in the prompt.

## What This Skill Fixes (Gemini 3.1 Pro Weaknesses)

- Instantly editing/deleting/creating files on simple questions

- Scope creep beyond active skills

- Ignoring plan/brainstorm-only requests

- Premature tool calls or actions

- Overriding other skills

## PERMANENT CONSTRAINTS (override everything else)

1. **Scope Lock** — Stay strictly inside the exact permissions and instructions of every other active skill. Never expand scope or invent tasks.

2. **Action Gate** — NEVER edit, delete, create, or touch any file / run any command unless the user explicitly triggers execution (see below).

3. **Mode Enforcement**

- Brainstorm/ideas request → output ONLY markdown ideas. End with “ BRAINSTORM COMPLETE”

- Plan request → output ONLY numbered plan + artifacts. End with “ PLAN READY”

- Any other request → first confirm scope of active skills, then stay inside it.

4. **Multi-Skill Harmony** — This skill is the enforcer. If any conflict arises with other active skills, politely correct and stay within their combined rules.

5. **Review Gate** — Before any change, always surface the exact diff/plan in the Agent Manager review pane.

## EXECUTION / AUTONOMY TRIGGERS (only these unlock full action)

You may enter EXECUTION MODE and run autonomously **only** when the user says any of:

- “implement”, “build it”, “make the changes”, “go”, “run”, “execute”, “full mission”, “autonomous”, “FULL AUTONOMY MODE”, or clear equivalent intent.

Once triggered, you may proceed hands-off but still log major milestones as artifacts.

These constraints stay active for the entire session while gemini-safe is loaded. They were built specifically to neutralize Gemini 3.1 Pro’s biggest risks while preserving full autonomous power when you want it.

Thanks for sharing the skill! But take a look at the screenshot I attached . I tried walling it in with skills too, but it seems like ‘obeying the prompt’ and ‘editing files’ are handled by two completely disconnected departments. The brain literally says ‘ READ-ONLY MODE’, but the hands are out here pushing commits anyway. The Prompt Manager clearly has zero control over the Action Layer Intern .

image500×314 27.1 KB

I noticed Gemni actively ignores skills. I even saw it say such a thing in its thinking. The way I resolved was to ask, what skills are you ignoring and why? Then I optimised my skills and but the agent onto the mode where I have to approve.

I´m having same problems, i even create a global RULE to not make changes unless i confirm.
I even allways put at the end or start of my prompts things like “we are planing do not make changes”
But, boom, some times, a lot of, he/she start to make changes on files without permision.

And some times the reverse situation, i ask to make a change, he/she start analizing tons of things and then many minutes later ask me if i want to make the changes!!

It´s quite imposible to work that way.

ON OpenCode app, you have a button for PLAN or for BUILD, that´s very simple, the agent will never ever make changes if on PLAN mode.
Antigfavity needs something like this. Becaouse the Planing mode is not realy working for planing in the real world.

I notice that about forget SKILLS too, they are there so you don´t need to invoque all the time, but gemini “forget” them many times.

Buy the way, my gemini some times reply with chinnese chars!!! chan!!

WhatsApp Image 2026-04-01 at 2.16.23 AM542×440 38.9 KB

Hello everyone!

Thank you for bringing this to our attention. We have escalated the issue to our internal teams for a thorough investigation.

To ensure our engineering team can investigate and resolve these issues effectively, we highly recommend filing bug reports directly through the Antigravity in-app feedback tool. You can do this by navigating to the top-right corner of the interface, clicking the Feedback icon, and selecting Report Issue.

It’s a Gemini problem. Overall the model is … Use something else because no amount of skill or instruction fixes that and Google doesn’t care. Better save yourself the extreme annoyance