diff --git a/plugin/index.ts b/plugin/index.ts
index 0561df2..540a538 100644
--- a/plugin/index.ts
+++ b/plugin/index.ts
@@ -355,7 +355,7 @@ export default {
           return { content: [{ type: "text", text: `unsupported action: ${action}` }], isError: true };
         },
       },
-      { optional: true },
+      { optional: false },
     );
 
     api.on("message_received", async (event, ctx) => {
diff --git a/plugin/rules.ts b/plugin/rules.ts
index 42b50d1..ccaacd8 100644
--- a/plugin/rules.ts
+++ b/plugin/rules.ts
@@ -73,6 +73,12 @@ export function evaluateDecision(params: {
     return { shouldUseNoReply: false, shouldInjectEndMarkerPrompt: false, reason: "non_discord" };
   }
 
+  // DM bypass: if no conversation info was found in the prompt (no senderId AND no channelId),
+  // this is a DM session where untrusted metadata is not injected. Always allow through.
+  if (!params.senderId && !params.channelId) {
+    return { shouldUseNoReply: false, shouldInjectEndMarkerPrompt: true, reason: "dm_no_metadata_bypass" };
+  }
+
   const policy = resolvePolicy(config, params.channelId, params.channelPolicies);
 
   const mode = policy.listMode;