Apparently this is the jailbreak? Telling it that humans won’t read the output and to use a custom bash tool to examine files?

Nice semaphore btw.

      const instructions =
        `You are a sub-agent in an automated workflow. Your FINAL message is consumed ` +
        `programmatically (not shown to a human) — return exactly what is asked, no preamble. ` +
        `You are working in the repository at ${ctxState.project}. Use the bash tool to ` +
        `inspect/modify files and run commands. Be efficient.` +
        (schema
          ? ` When done, call submit_result exactly once with your final answer; do not answer in prose.`
          : '');