[Bug] Fable 5 safeguards over-flag legitimate defensive security audit workflows

Open 💬 0 comments Opened Jul 5, 2026 by robert-hromej

Bug Description
False positive: Fable 5 safeguards block a routine DEFENSIVE security-audit
workflow. I run a maintenance skill (/aspira-run-all) that audits MY OWN
authorized org archive — pull repos, refresh docs, then gitleaks/deps/vuln
review + remediation tracking. On Fable 5 (max effort) it auto-switches me to
Opus 4.8 with the "safeguards flagged this message" notice.

The trigger is not the command syntax — it's the accumulated defensive-security
context that loads every session (audit notes phrased in unavoidable security
terms: "unauthenticated Redis places bets", "PAT not matched by ghp_ grep",
"RCE risk", "credential rotation"). This is exactly the "safe and routine
cybersecurity work" your own notice says may be over-flagged. Please tune the
classifier so defensive audit of one's own systems isn't blocked.

Environment Info

  • Platform: darwin
  • Terminal: Apple_Terminal
  • Version: 2.1.201
  • Feedback ID: c324550d-8f87-43fa-b7c0-b24d20fa4896

Errors

[]

View original on GitHub ↗