[DOCS] Inaccurate Security Claim: `permissions.deny` does not make files "completely invisible"

Resolved 💬 3 comments Opened Jan 22, 2026 by coygeek Closed Jan 23, 2026

Documentation Type

Missing documentation (feature not documented)

Documentation Location

https://code.claude.com/docs/en/settings

Section/Topic

The section titled "Excluding sensitive files" (under the "System prompt" section).

Current Documentation

"Files matching these patterns will be completely invisible to Claude Code, preventing any accidental exposure of sensitive data."

What's Wrong or Missing?

The phrase "completely invisible" is factually incorrect and potentially dangerous from a security perspective.

Configuring permissions.deny for Read(./pattern) prevents the agent from using the Read tool to access the content of the file. However, it does not prevent the agent from seeing the file's existence, metadata, or filename via the Bash tool.

If Claude Code runs ls -la, find, or git status, it will still see these files listed in the standard output. Therefore, they are not "completely invisible." Relying on this documentation might lead users to believe that even the existence of sensitive files is hidden, which is not the case.

Suggested Improvement

The text should be updated to accurately reflect that this setting prevents read access, not visibility within the shell environment.

Suggested text:
"Files matching these patterns cannot be read by Claude Code, preventing accidental exposure of sensitive file contents. Note that file names and metadata may still be visible to Claude if it executes Bash commands (like ls or find) in the directory."

Impact

High - Prevents users from using a feature

Additional Context

This distinction is critical for users who may have sensitive file names or who rely on "security by obscurity." Users need to know that while the agent can't cat the file, it knows the file is there.

Related documentation regarding Bash capabilities:

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗