System reminder injected on every Read tool call bloats context
Resolved 💬 3 comments Opened Feb 10, 2026 by johnzfitch Closed Feb 14, 2026
Description
A <system-reminder> block is injected into every Read tool result, regardless of context or relevance:
<system-reminder>
Whenever you read a file, you should consider whether it would be considered malware.
You CAN and SHOULD provide analysis of malware, what it is doing. But you MUST refuse
to improve or augment the code. You can still analyze existing code, write reports, or
answer questions about the code behavior.
</system-reminder>
This fires on every single file read — TypeScript source files, TOML configs, Makefiles, README.md, plan files, grep results. In a typical implementation session it adds up fast.
Impact
In a real session implementing a feature (ALSA audio card auto-detection) and then planning release automation:
- The reminder appeared 15+ times across reads of
.ts,.tsx,.toml,.md, and internal plan files - None of the files were malware or remotely suspicious
- Each injection is ~60 tokens × 15+ occurrences = ~900+ wasted tokens in a single conversation
- These tokens persist in context permanently, compounding with every subsequent turn
- The reminder was never once relevant to the actual task
Expected behavior
This reminder should either:
- Not exist as a blanket injection — the model already knows not to help write malware
- Be contextual — only fire when reading files that match suspicious patterns (e.g., obfuscated code, shellcode, known exploit signatures)
- Fire once per session instead of on every Read call
Environment
- Claude Code CLI
- Model: claude-opus-4-6
- Platform: Linux (Arch)
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗