(Sqreen Ruby engineer here) Since the agents execute inside the application/service, we have full context of the operations going to be performed (e.g whether a fragment of a SQL query a) will be executed and b) comes from user input). Therefore we're not basing detection of contextless patterns and any false positive/false negative of those classes of attacks is deemed a bug.
