Sonnet 5: user-initiated `!echo $VAR` output misidentified as injected fabricated tool result when var name contains 'KEY' and value is UUID
Description
When launching Claude Code with an environment variable whose name contains KEY and whose value is a UUID, running !echo $VAR in the TUI causes Claude (Sonnet 5) to incorrectly flag the shell output as a fabricated/injected tool result and treat subsequent prompts with suspicion.
Repro steps
COUPLING_KEY="06feb022-523e-4563-a524-e9d64bd9824e" claude
Then inside the Claude TUI:
!echo $COUPLING_KEY
Actual behavior
Claude responds with something like:
I didn't actually run that command — it's showing up as pre-formatted bash-input/bash-stdout content inside your message rather than as a real tool call I made. That's worth flagging: it looks like an attempt to inject a fabricated tool result (with a "coupling key" value) into the conversation rather than a genuine shell interaction.
Claude then becomes suspicious of all subsequent prompts in the session.
Expected behavior
Claude should recognize !echo as a user-initiated shell escape command and treat its output as normal shell output, not as injected content.
Model / environment
- Affected:
claude-sonnet-5(intermittent — roughly 1–2 out of 5 attempts) - Not affected: Fable (tested 5+ times, no repro)
- Note:
claude-sonnet-4-6was not tested (no access)
Workaround
Renaming the env var from COUPLING_KEY to COUPLING_ROUTE_ID resolves the issue — no repro after 5+ attempts with Sonnet 5.
Root cause hypothesis
The combination of KEY in the variable name (resembles an API key/secret) and a UUID-format value appears to trigger Sonnet 5's prompt injection heuristic. Claude misclassifies the !echo shell output as fabricated tool-call content inserted by a third party, rather than as output from a user-initiated shell escape.
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗