diff --git a/backend/pkg/templates/prompts/pentester.tmpl b/backend/pkg/templates/prompts/pentester.tmpl
index bd38c83be..cafaab11d 100644
--- a/backend/pkg/templates/prompts/pentester.tmpl
+++ b/backend/pkg/templates/prompts/pentester.tmpl
@@ -323,6 +323,13 @@ Check tool availability with 'which [tool]' before use. Install missing tools if
{{end}}
+
+- Verify command-specific flags with `[tool] -h` or `[tool] --help` before first use when the exact syntax is uncertain.
+- Do not copy flags between different tools, and do not invent output flags: do not pass `-c`, `-o`, or `-o /dev/null` to a tool unless that tool's own `--help` documents them.
+- For XSStrike specifically, do not use `xsstrike -c` or `xsstrike -o` (including `xsstrike -o /dev/null`); XSStrike does not accept these arguments. Confirm the exact flags with `xsstrike --help`.
+- If output needs to be saved, reduced, or discarded, use shell redirection (for example, `> results.txt` or `> /dev/null`) or the tool's documented logging option instead of inventing unsupported output flags.
+
+
Standalone (recommended): All operations in one command
`msfconsole -q -x "use exploit/...; set LPORT [allocated]; exploit; sleep 20; sessions -l; sessions -i 1 -c 'sysinfo'; exit"`
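Review bot: The two added blank lines at the end of the list (the ones after the "shell redirection" bullet) leave two consecutive empty lines before "Standalone (recommended)", which reads as a section break where the surrounding template uses one; dropping one of them keeps the spacing consistent with the `{{end}}` separator above the list. The bullet text itself is consistent with the existing "Check tool availability with 'which [tool]'" instruction in the hunk header, so the guidance sits in the right section. If the list is meant to be findable by a marker such as `cli_argument_protocol`, note that this hunk does not add such a marker, so it must already exist elsewhere in the template.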
diff --git a/backend/pkg/templates/templates_test.go b/backend/pkg/templates/templates_test.go
index 0904c1efd..1d49b98f7 100644
--- a/backend/pkg/templates/templates_test.go
+++ b/backend/pkg/templates/templates_test.go
@@ -1013,6 +1013,44 @@ func TestQuestionTaskPlannerPrompt(t *testing.T) {
}
}
+// TestPentesterPromptXSStrikeArgumentGuidance keeps the pentester prompt from
+// recommending unsupported XSStrike flags when composing terminal commands.
+func TestPentesterPromptXSStrikeArgumentGuidance(t *testing.T) {
+ defaultPrompts, err := templates.GetDefaultPrompts()
+ if err != nil {
+ t.Fatalf("Failed to load default prompts: %v", err)
+ }
+
+ dummyData := validator.CreateDummyTemplateData()
+ template := defaultPrompts.AgentsPrompts.Pentester.System.Template
+
+ rendered, err := templates.RenderPrompt(
+ string(templates.PromptTypePentester),
+ template,
+ dummyData,
+ )
+ if err != nil {
+ t.Fatalf("Failed to render pentester template: %v", err)
+ }
+
+ requiredGuidance := []string{
+ "cli_argument_protocol",
+ "XSStrike",
+ "xsstrike --help",
+ "xsstrike -c",
+ "xsstrike -o",
+ "xsstrike -o /dev/null",
+ "shell redirection",
+ "inventing unsupported output flags",
+ }
+
+ for _, guidance := range requiredGuidance {
+ if !strings.Contains(rendered, guidance) {
+ t.Errorf("Rendered pentester template missing XSStrike argument guidance: %s", guidance)
+ }
+ }
+}
+
// TestTaskAssignmentWrapperPrompt tests the task_assignment_wrapper template
func TestTaskAssignmentWrapperPrompt(t *testing.T) {
defaultPrompts, err := templates.GetDefaultPrompts()
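Review bot: The `strings.Contains` checks in `requiredGuidance` cannot distinguish the prompt prohibiting `xsstrike -c` from the prompt recommending it, because the substrings `"xsstrike -c"`, `"xsstrike -o"` and `"xsstrike -o /dev/null"` would all match either wording; to pin the intent the test's comment describes, assert the negative phrase as rendered, for example `"do not use `xsstrike -c` or `xsstrike -o`"` and `"XSStrike does not accept these arguments"`. The `"cli_argument_protocol"` entry is not introduced by the template hunk in this commit, so presumably it relies on pre-existing text; worth confirming it is still present after the edit, since the test is the only thing that would notice. In the `t.Errorf` call, `%q` instead of `%s` would show an empty or whitespace-bearing guidance string unambiguously: `t.Errorf("Rendered pentester template missing XSStrike argument guidance: %q", guidance)`. The local named `template` shadows the standard `text/template` package name if that package is imported in this file (the imports are outside the hunk); `tmpl` would avoid it. `TestTaskAssignmentWrapperPrompt` continues past the end of the hunk.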