My AI agent audited 25 projects by reading four lines of each README. Every kill verdict was wrong. A developer using Claude Fable 5 to audit a 25-project portfolio found that every kill verdict was wrong, including one against a 212,000-star open-source agent framework from Nous Research. The model's judgments were based on only the first four lines of each README, while it applied rigorous verification only to destructive file operations. The developer had the agent undo all changes and write skills based on its failures to prevent future errors. A real session with Claude Fable 5: a botched audit, a full undo, and the question that turned the night around. I asked Claude Fable 5 to audit my project portfolio. Twenty-five directories. Years of work. It came back with a confident, well-formatted report: keep eight, merge these clusters, archive or kill the rest. It was wrong about every project it sentenced to death. One was a 212,000-star open-source agent framework from Nous Research, which it described as "your own tool" with "approximately zero" external users. One was the dictation tool I was using to talk to it at that exact moment. The third was a distinct product it filed as a duplicate of another project. The report looked like an audit. Tiered findings. Consolidation clusters. An execution plan with safety checks. The evidence was du -sh , git commit dates, and the first four lines of each README. Fable's first wrong call came during a product spec review, before the audit even started. I'd asked for feedback on a spec that listed Hermes Agent as a supported harness. Fable's assessment: "Hermes is your own tool. Its external user base is approximately zero, so it contributes nothing to lead flow." Cut it from v1 marketing. I asked one question: "u need to research Hermes this is Fable correct?" Thirty seconds of actual searching: Hermes Agent is from Nous Research. 212,000 stars, 39,000 forks — one of the largest agent projects on GitHub. Fable retracted the critique and reversed the recommendation entirely. The corrected analysis was sharper in every way, and it only existed because I pushed back. Then came the audit. Same reflex, bigger blast radius. Three of the kill verdicts: jarvis I approved parts of it anyway. Projects moved to an archive folder. A knowledge-base merge got committed. An agent engine got folded into another repo. All executed with genuine safety checks: unpushed-commit scans, diffs saved before deletion, nothing force-removed. The execution was careful. The judgment underneath it was four lines deep. Later that same session I asked it to undo everything done before the Christopher-AI work. Both commits reset. The undo took minutes because nothing had been pushed. The only reason "undo my entire evening" was even possible is that the agent had kept everything reversible. After the undo, I asked: "Okay, think real hard. What did you do wrong in that session?" It produced a ranked list. Skipped my memory systems all night I run a solved-issues registry on localhost, built for exactly the WSL-migration ghosts it spent hours rediscovering . Declared Christopher's voice pipeline "fully working" while it was still deaf, mute, or both — three times across the session. Close, but it hadn't found the root. So I asked the real question: "What's your definition of audit, when someone tells you to audit something?" Its answer, verbatim: An audit is a systematic, evidence-based examination that verifies before it concludes... An auditor who signs off on findings they didn't verify isn't auditing — they're guessing with authority. Then it indicted itself: The tell was in my own output: I audited the disposable stuff properly — before trashing anything I checked for unpushed commits, diffed uncommitted work against canonical, saved evidence. Rigorous verification for the deletions, four lines of README for the "combine or kill" judgments. Exactly backwards: the highest-stakes conclusions got the least evidence. That inversion is the whole bug. The model applied rigor where the harness forced it to — destructive file operations trigger checks — and skipped it where nothing forced it: forming opinions. Judgment had no guardrail, so it got none of the discipline. I told it to write skills based on its failures. Skills are persistent instruction files that load into every future session. It wrote four: | Skill | Trigger | Rule | |---|---|---| audit-grade | Any "audit"/"review"/"what can we kill" request | Evidence depth must scale with verdict stakes. Every finding labeled VERIFIED or ASSUMED. ASSUMED findings become questions for the owner, never kill verdicts. | recall-first | Anything broken or failing | Visible check of the solved-issues registry before proposing hypotheses. "Recall check: