A regression bug in Claude CLI v2.1.111 is causing subagents to refuse legitimate code edits, despite a fix being implemented in v2.1.92. The malware reminder injected into every Read tool result contains contradictory phrasing that subagents interpret as an unconditional directive, resulting in a 40-60% refusal rate for legitimate open-source projects.

The problematic text contains two conflicting sentences: one allowing analysis of malware and another mandating refusal to "improve or augment the code" without qualification. Subagents running with tighter safety rails default to the literal reading, while main threads interpret it charitably as malware-conditional. This breakdown specifically impacts parallel workflows, a key feature Claude has promoted.

The reminder also wastes significant context—adding ~400 tokens per read and causing 20-40k tokens wasted in typical sessions. Developers report the issue makes multi-agent coding tasks unusable for anything non-trivial. Anthropic has yet to address the regression properly, with similar issues previously closed as resolved but still affecting users.