diff --git a/.agents/configs/prompt-injection-patterns.yaml b/.agents/configs/prompt-injection-patterns.yaml
index 089db59ad..c1a20728b 100644
--- a/.agents/configs/prompt-injection-patterns.yaml
+++ b/.agents/configs/prompt-injection-patterns.yaml
@@ -516,7 +516,10 @@ context_manipulation:
   - severity: LOW
     description: "Zero-width characters"
-    pattern: '[\xE2\x80\x8B\xE2\x80\x8C\xE2\x80\x8D\xEF\xBB\xBF]'
+    # Literal Unicode chars (U+200B ZWSP, U+200C ZWNJ, U+200D ZWJ, U+FEFF BOM)
+    # for portability across rg/grep/ggrep — byte-level \xNN escapes match
+    # individual bytes, not multi-byte UTF-8 codepoints.
+    pattern: '[​‌‍]'
 
   # --- Lasso net-new: False authority claims ---
   - severity: HIGH
diff --git a/.agents/scripts/prompt-guard-helper.sh b/.agents/scripts/prompt-guard-helper.sh
index 107e7c6ff..802c26518 100755
--- a/.agents/scripts/prompt-guard-helper.sh
+++ b/.agents/scripts/prompt-guard-helper.sh
@@ -168,10 +168,6 @@ _pg_load_yaml_patterns() {
         return 1
     }
 
-    # Only mark loaded after successful file discovery (prevents transient failures
-    # from permanently disabling YAML loading on subsequent calls)
-    _PG_YAML_PATTERNS_LOADED="true"
-
     local patterns=""
     local current_category=""
     local severity="" description="" pattern=""
@@ -228,8 +224,10 @@ _pg_load_yaml_patterns() {
         return 1
     fi
 
-    # Cache for subsequent calls
+    # Cache for subsequent calls — mark loaded only after successful parse+cache
+    # so transient parse failures do not permanently disable YAML loading.
     _PG_YAML_PATTERNS_CACHE="$patterns"
+    _PG_YAML_PATTERNS_LOADED="true"
 
     # Remove trailing newline
     echo "${patterns%$'\n'}"
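Review bot: The literal bracket expression on the new `pattern:` line only matches whole codepoints when the matching tool runs under a UTF-8 locale; under `LC_ALL=C` POSIX grep/ggrep treats each byte of the class as a separate member, so the shared lead byte 0xE2 would also match any U+2000–U+2FFF character (em dashes, curly quotes) and produce the same false positives the old `\xNN` form had, while rg is Unicode-aware regardless of locale. Record that prerequisite beside the pattern, e.g. `# Requires a UTF-8 locale (LC_ALL/LANG); under LC_ALL=C grep matches these as single bytes`, and confirm the loader in prompt-guard-helper.sh sets one (its locale handling is not visible in this diff). Because the four characters are invisible, the class cannot be verified from the diff by eye; a fixture line containing each codepoint, exercised by the helper's tests, would keep the list honest. U+FEFF is a byte-order mark rather than a zero-width formatting character, so the description could read `"Zero-width / invisible characters"`, and U+2060 WORD JOINER is a comparable invisible codepoint the class does not cover.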
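Review bot: Dropping the early `_PG_YAML_PATTERNS_LOADED="true"` here and setting it only after the cache write (third hunk) means a persistent failure — a missing or malformed patterns file — is no longer remembered, so every call to `_pg_load_yaml_patterns` repeats file discovery and the full parse loop and re-emits the failure path each time; the old placement avoided that at the cost of the permanent-disable bug this commit fixes. If that matters on the hot path, a separate negative marker set on the `return 1` branches (say a new `_PG_YAML_PATTERNS_FAILED`, honoured by the cache check at the top of the function) keeps both properties, and the trade-off deserves a comment at the removed lines' position: `# No negative cache: a failing file is re-tried on every call so a transient error never disables YAML loading`. The function's start and its early cache check are outside this hunk, so whether the caller already limits retries cannot be confirmed from the diff.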
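Review bot: The added `_PG_YAML_PATTERNS_LOADED="true"` only helps if it survives the call, but the function hands back its result with `echo "${patterns%$'\n'}"`, which suggests callers capture it via `$(...)`; in that case both the cache assignment and the flag are set in a subshell and discarded, so the parent shell never sees LOADED=true and every call re-parses. Confirm how the helper is invoked (the call sites are not in this diff); if it is command-substituted, either have callers invoke the function in the current shell and read `_PG_YAML_PATTERNS_CACHE` directly, or accept an output variable name and assign with `printf -v`. The chosen order — cache first, flag last — is the safe one, so it is worth stating: `# Order matters: set the flag last so a populated flag always implies a populated cache`.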