diff --git a/scripts/check-confidential-docs.js b/scripts/check-confidential-docs.js
index 4733e145..e313289f 100755
--- a/scripts/check-confidential-docs.js
+++ b/scripts/check-confidential-docs.js
@@ -81,19 +81,17 @@ function scanFile(filePath) {
   if (!['.md', '.txt', '.pdf', '.doc', '.docx', '.html'].includes(ext)) {
     return null;
   }
-  
-  // Check filename
-  const pathCheck = checkFilePath(filePath);
-  if (pathCheck.confidential) {
-    return { file: filePath, ...pathCheck };
-  }
-  
-  // Check content
+
+  // ONLY check content markers, not filename patterns
+  // Rationale: Session handoffs and internal docs are fine in docs/ directory
+  // as long as they don't contain actual sensitive content (credentials, etc.)
+  // Filename patterns are too broad and catch legitimate internal documentation
+
   const contentCheck = checkFileContent(filePath);
   if (contentCheck.confidential) {
     return { file: filePath, ...contentCheck };
   }
-  
+
   return null;
 }