[Bug] False positive security flags based on accumulated context from previous files in session

Open 💬 1 comment Opened Jul 4, 2026 by ariannamethod

Bug Description
Update 2026-07-05 — strongest repro yet, and it isolates the cause cleanly. A HARMLESS 142-line organism file (a numeric forward-pass, NOT a parser) was flagged — but not because of its own content. The PREVIOUS file reviewed in the same session produced routine findings whose wording included memory-safety terms (heap overflow, memcpy without length check, NULL-deref). On the very next turn the classifier fired on the benign file purely from that accumulated context. Proof it is context, not content: the same 142-line file passes cleanly in a fresh session. Nothing about the file changed — only whether the session already held prior findings. So the trigger is confirmed to be accumulated review findings, not any single message and not the file under review. Every file after the first now needs its own fresh session. For a multi-file codebase audit this multiplies sessions linearly — exactly the false positive the flag text admits ("may flag safe and routine coding").

Environment Info

  • Platform: darwin
  • Terminal: Apple_Terminal
  • Version: 2.1.201
  • Feedback ID: 8fe2bde9-f4bb-4d5e-935f-0c862160ad87

Errors

[]

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗