diff --git a/agent/subdirectory_hints.py b/agent/subdirectory_hints.py
index dcc514b901..00403b1774 100644
--- a/agent/subdirectory_hints.py
+++ b/agent/subdirectory_hints.py
@@ -158,7 +158,12 @@ class SubdirectoryHintTracker:
 self._add_path_candidate(token, candidates)

 def _is_valid_subdir(self, path: Path) -> bool:
- """Check if path is a valid directory to scan for hints."""
+ """Check if path is a valid directory to scan for hints.
+
+ Only allows directories inside the configured working_dir to prevent
+ unrelated instruction files from being injected into the agent context
+ (e.g., an AGENTS.md from a completely different project).
+ """
 try:
 if not path.is_dir():
 return False
@@ -166,6 +171,15 @@ class SubdirectoryHintTracker:
 return False
 if path in self._loaded_dirs:
 return False
+ # Scope to workspace — only scan directories inside working_dir
+ try:
+ path.relative_to(self.working_dir)
+ except ValueError:
+ logger.debug(
+ "Skipping subdirectory hint for %s: outside working_dir %s",
+ path, self.working_dir,
+ )
+ return False
 return True

 def _load_hints_for_directory(self, directory: Path) -> Optional[str]:
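Review bot: The containment check added to `_is_valid_subdir` in the second hunk is purely lexical: `path.relative_to(self.working_dir)` compares path components without resolving `..` or symlinks. A candidate spelled `<working_dir>/../other`, or a symlinked directory inside the workspace, therefore still passes and its instruction files can reach the agent context, unless candidates are already resolved in `_add_path_candidate`, which this diff does not show. Compare resolved paths instead, `path.resolve().relative_to(self.working_dir.resolve())`, and widen the handler to `except (ValueError, OSError):`, since the new check appears to sit outside the earlier `try`, whose handler is not visible here. The docstring added in the first hunk promises that only directories inside working_dir are allowed, so it should either hold after resolution or state that the check is lexical. A regression test covering a `..` path and a symlinked directory would pin the intended behaviour.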