v5.2.0 shipped Prompt Triage with sixteen detectors and a clear story: prompts are production code, find the bugs before customers do. The detectors worked. The report did not.
Running the v5.2.0 production corpus through the v5.2.0 report surfaced 116 findings across 7 prompt files. 76 of them were MEDIUM. Zero were HIGH. The signal was buried under detector overlap, miscalibrated severity, and silent per-detector truncation on larger files. Three problems, three fixes. Here's the scorecard.
Same inputs as the v5.2.0 baseline. Same model. Same multipass pipeline. The numbers moved because the report logic got rebuilt around what matters.
The three problems
Problem 1: detector overlap was published as duplicate findings
The sixteen detectors in Prompt Triage are not independent. A prompt that overloads a single instruction with five conflicting requirements trips the overloaded-prompt detector, the conflicting-instructions detector, and the underspecified-constraints detector at the same time. All three are correct. In v5.2.0, all three got their own row in the report.
The result was reviewers reading what looked like three separate issues, writing three separate remediation notes, and losing trust in the report when they realized they were chasing the same underlying defect.
Problem 2: MEDIUM was firing on borderline cases
The severity thresholds shipped with v5.2.0 were calibrated against the academic test set from the Tian et al. 2025 taxonomy paper, not against the kind of prompts real teams write. Real prompts have more context, more legitimate variation, more edge cases that look defective in isolation but are deliberate when read in scope.
76 of the 116 v5.2.0 findings were MEDIUM. After eyeball review against the source files, fewer than 30 of those were actually MEDIUM-severity defects worth a reviewer's attention. The rest were either LOW issues misclassified upward or noise that should have been suppressed entirely.
Problem 3: per-detector caps were silently truncating real issues
Each detector in v5.2.0 had a hard cap of 20 findings per file. The cap was there to keep report length bounded, which seemed reasonable until we ran it against a 4,000-line prompt file and watched legitimate findings disappear without any indication in the output that truncation had happened.
This is the worst kind of bug. Not loud, not wrong-looking. Just quietly absent data, with the report claiming completeness.
The three fixes
Dedup expansion with cross-detector annotations
When multiple detectors flag the same line range with overlapping rationale, v5.3.0 now collapses them into a single primary finding and adds an Also flagged by: annotation listing the other detectors that hit. Reviewers see one row, one remediation, and full visibility into why the issue tripped multiple detectors, which is useful context when the underlying defect crosses multiple defect categories.
This alone cut roughly a third of the v5.2.0 finding count without losing any actual signal.
Severity recalibration against the production corpus
We pulled the same seven prompt files used for the v5.2.0 launch demonstration, plus another nine from internal Ghost dogfooding, and hand-graded every detector hit against a written severity rubric. The MEDIUM threshold moved up. The LOW threshold moved down to absorb the borderline cases. HIGH stayed where it was: the threshold for HIGH was already reasonable; the problem was that nothing in v5.2.0 was actually reaching it because of the truncation issue below.
Result: 76 MEDIUM findings dropped to 28. The 28 that remain are the ones that survived hand-review as legitimate MEDIUM-severity defects.
Caps removed, multipass handles length
The per-detector cap is gone. Long prompt files now surface every detector hit. Report length is managed at the multipass layer instead, which already knows how to chunk and summarize large outputs across passes, rather than by silently dropping findings inside individual detectors.
The new HIGH
One v5.3.0 finding came back as HIGH. It's worth describing in detail because it's the case study that proves the rest of the work was real.
The file is poi-with-profile.md, one of the prompt files Ghost Architect™ uses internally to drive the Profile-of-Interest scan mode when a consultant methodology profile is loaded via Ghost Partner. The v5.3.0 finding flags a FILE CITATION RULES conflict: two sections of the prompt give contradictory instructions about how the LLM should cite source files in its output. One section says cite by relative path. Another section, added later, says cite by absolute path with line numbers.
Both sections are present. Both are authoritative. The LLM has to pick one, and which one it picks depends on context-window position and prompt ordering, exactly the kind of nondeterministic behavior that production systems should not have.
This is a real defect. We knew the prompt file had grown organically over four versions and that the citation rules section had been touched more than once. We did not know there was an unresolved conflict in it. v5.2.0 also flagged it, as a MEDIUM, buried in a list of 76 other MEDIUMs, none of which were as serious. In the v5.3.0 report it sits at the top of the file's findings, marked HIGH, with Also flagged by: conflicting-instructions, ambiguous-instruction annotations confirming three detectors agreed.
The point of a quality release. The defect was always there. The detector always caught it. What changed is that the report now puts the right finding in the right place at the right severity, and the reviewer sees it instead of scrolling past it.
What this means for paid tiers
Pro, Team, and Enterprise get all of these improvements automatically. Same engine, same fixes. No CLI flag changes. No config migration. The report format for paid tiers picks up the cross-detector annotations and the recalibrated severity in the next branded PDF generated.
What did not change
Cost per scan stayed essentially flat: $0.41 in v5.2.0, $0.43 in v5.3.0 against the same corpus. The two-cent delta is from the extra verifier pass that catches detector overlap before it lands in the report. We tested skipping that pass to bring cost back to $0.41 exactly. The dedup quality dropped enough that the verifier earned its two cents.
The sixteen detectors are unchanged. The Tian et al. 2025 taxonomy mapping is unchanged. The cost pre-flight prompt is unchanged. The multipass pipeline is unchanged except for where it now handles report-length truncation in place of the per-detector cap.
Install
Drop-in replacement for any v5.2.x install. Run ghost, pick Prompt Triage from the menu, point it at a prompt file or directory. The report you get back will be quieter and more useful. That is the whole release.