[Bug] Security research false positives: Fable 5 flagging legitimate whitehat repo names
Bug Description
False positive #3 — Fable 5 triggered on git clone of a whitehat security research repo
Session context: applying security research methodology to a fintech trading platform codebase (AgentBip). Legitimate bug bounty research, Bugcrowd registered researcher.
Trigger: a single bash command — git clone https://github.com/Lazy-Jack-Ltd/whitehat-security-research — followed by ls. No exploit code, no vulnerability analysis, no offensive content of any kind.
Likely cause: the repo name contains "whitehat" and "security-research." The classifier appears to be pattern-matching on repository names and paths rather than content.
This is the third false positive in a single session on legitimate fintech and security research work. The pattern suggests the classifier is triggering on terminology associated with security work rather than actual offensive security content.
Environment Info
- Platform: darwin
- Terminal: Apple_Terminal
- Version: 2.1.170
- Feedback ID: 44279d04-a98a-45d5-b12a-2af7d25304e5
Errors
[]This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗