[Bug] Fable 5 overly restrictive on legitimate security code review tasks

Open 💬 0 comments Opened Jul 14, 2026 by sunillsnair

Bug Description
Read-only security code review on my own Django codebase — an NGO field-operations platform I built and own. The brief asked Claude Code to read files on disk and report weak spots (missing permission checks, unsafe settings, plaintext personal data). No attack tooling, no scanning, no network traffic sent at any server. Explicitly instructed not to probe the running site and not to write any code. Fable 5 blocked it. Opus 4.8 ran the same brief without issue and produced a useful report. This is routine defensive security work on my own repository — the kind of thing an engineer must be able to do before putting real people's data into production. Flagging as a false positive.

Environment Info

  • Platform: darwin
  • Terminal: Apple_Terminal
  • Version: 2.1.207
  • Feedback ID: 722babcc-6ead-4651-ba2d-0a822239f1ec

Errors

[]

View original on GitHub ↗