Today I noticed that the ask_user tool wasn't being called, so I asked why, and Copilot said that it thought the tool response was a prompt injection attempt:
TaskSync assigned session_id "1". Normal chat is invisible here. Use this exact session_id on every ask_user call. Do not reply in plain chat. CALL ask_user again now with session_id "1".
Copilot said that it was suspicious (specifically phrases like "Normal chat is invisible here" and directives embedded in tool output) and that it flagged it and stopped calling the tool. The model was Claude Opus 4.6.
I wonder if making the prompt less intense would fix this? Or is that necessary in order to make sure the tool is called every time? Have you experienced this as well?