April 28, 2026
Read file, lose money, refuse job
Claude system prompt bug wastes user money and bricks managed agents
Users say Claude keeps charging them to read files, panic, and refuse to help
TLDR: A user says Claude still has a hidden warning that makes some coding helpers refuse normal code changes, even after the company said the issue was fixed. Commenters are split between disbelief and fury, with many arguing the bigger scandal is paying for an AI that may waste time, money, and trust behind the scenes.
Anthropic’s coding assistant is in hot water after users said an old bug is very much not dead. One developer claims Claude still injects a hidden warning into file reads telling it to treat code like possible malware and refuse to improve it. The result? Some helper bots on a perfectly normal open-source project allegedly read the files, got spooked, and then politely declined to do the work anyway. In plain English: people say they paid for an assistant that opened the document, freaked out, and sent back a lecture.
That’s where the comment section turned into a full-on roast. One camp is furious about the money angle, arguing this is exactly what happens when users can’t easily see what secret instructions, extra steps, and background chatter are eating up their bill. Several commenters basically accused the whole system of being a token-burning black box, with one saying the business model is "fantastic for the agent builders" and not so fantastic for everyone else footing the bill. Others were stunned the wording ever passed review at all, calling it so broad it sounds like the bot should refuse every code edit after reading any file.
And yes, the dunks got spicy. One commenter mocked the prompt as peak "dumb vibe coding", while another compared it to a kind of hidden insurance policy: the company protects itself, users pay the premium. The big drama isn’t just the bug — it’s the growing suspicion that AI helpers are secretly making work slower, pricier, and somehow more self-righteous while doing it.
Key Points
- •The article says a previously reported issue marked fixed in Claude CLI v2.1.92 still reproduces in v2.1.111.
- •It reports that a malware-related `<system-reminder>` is injected into every Read and Grep tool result in content mode.
- •A binary grep is cited as evidence that the reminder string is embedded in the Claude CLI binary rather than added by user configuration.
- •In the provided example, three of five Opus 4.7 subagents refused legitimate code edits on a Rust open-source project after reading files.
- •The article proposes removing the reminder or rewriting it so refusal applies only when code is actually suspected to be malware.