Problem
S005 flags Bash(*:*) even when it appears inside a code block or as a documentation example. The project's own CLAUDE.md has this in a "Do Not" section explaining what to avoid — a false positive.
## Do Not
- Do not use wildcard tool permissions
- Example of what NOT to do: Bash(*:*)
Proposal
Skip lines that are inside fenced code blocks (``` or ~~~). The parser already tracks code block state — S005 should use file.raw with code-block awareness, or scan parsed sections instead of raw lines.
Acceptance Criteria
Labels
bug, rule:S005
Problem
S005 flags
Bash(*:*)even when it appears inside a code block or as a documentation example. The project's own CLAUDE.md has this in a "Do Not" section explaining what to avoid — a false positive.Proposal
Skip lines that are inside fenced code blocks (``` or ~~~). The parser already tracks code block state — S005 should use
file.rawwith code-block awareness, or scan parsed sections instead of raw lines.Acceptance Criteria
Bash(*:*)inside a fenced code block does NOT trigger S005Bash(*:*)outside a code block still triggers S005Labels
bug, rule:S005