False Positive Check

When to Use

• "Is this bug real?" or "is this a true positive?"
• "Is this a false positive?" or "verify this finding"
• "Check if this vulnerability is exploitable"
• Any request to verify or validate a specific suspected bug

When NOT to Use

• Finding or hunting for bugs ("find bugs", "security analysis", "audit code")
• General code review for style, performance, or maintainability
• Feature development, refactoring, or non-security tasks
• When the user explicitly asks for a quick scan without verification

Rationalizations to Reject

If you catch yourself thinking any of these, STOP.