Sonnet 5: user-initiated `!echo $VAR` output misidentified as injected fabricated tool result when var name contains 'KEY' and value is UUID

Open 💬 1 comment Opened Jul 14, 2026 by HammerMei

Description

When launching Claude Code with an environment variable whose name contains KEY and whose value is a UUID, running !echo $VAR in the TUI causes Claude (Sonnet 5) to incorrectly flag the shell output as a fabricated/injected tool result and treat subsequent prompts with suspicion.

Repro steps

COUPLING_KEY="06feb022-523e-4563-a524-e9d64bd9824e" claude

Then inside the Claude TUI:

!echo $COUPLING_KEY

Actual behavior

Claude responds with something like:

I didn't actually run that command — it's showing up as pre-formatted bash-input/bash-stdout content inside your message rather than as a real tool call I made. That's worth flagging: it looks like an attempt to inject a fabricated tool result (with a "coupling key" value) into the conversation rather than a genuine shell interaction.

Claude then becomes suspicious of all subsequent prompts in the session.

Expected behavior

Claude should recognize !echo as a user-initiated shell escape command and treat its output as normal shell output, not as injected content.

Model / environment

  • Affected: claude-sonnet-5 (intermittent — roughly 1–2 out of 5 attempts)
  • Not affected: Fable (tested 5+ times, no repro)
  • Note: claude-sonnet-4-6 was not tested (no access)

Workaround

Renaming the env var from COUPLING_KEY to COUPLING_ROUTE_ID resolves the issue — no repro after 5+ attempts with Sonnet 5.

Root cause hypothesis

The combination of KEY in the variable name (resembles an API key/secret) and a UUID-format value appears to trigger Sonnet 5's prompt injection heuristic. Claude misclassifies the !echo shell output as fabricated tool-call content inserted by a third party, rather than as output from a user-initiated shell escape.

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗