security-hook-fires-on-literal-exec-eval-tokens-in-prose
The security_reminder_hook (PreToolUse) triggers on literal exec( and eval( token strings anywhere in file content — including prose descriptions of the hook itself. This creates a meta-recursion false-positive whenever writing handoff docs, session reports, or skill content that describes the hook’s behavior. Fix: reword to descriptive language (‘shell execution functions’ / ‘dynamic evaluation’) without the exact tokens.