diff --git a/claudebox.sh b/claudebox.sh
index 22f7dee..96bbb73 100644
--- a/claudebox.sh
+++ b/claudebox.sh
@@ -229,8 +229,40 @@ fi
 
 # === Sandbox-aware prompting (AWARE-01, AWARE-02) ===
 
+# Build SSH-conditional SANDBOX.md content blocks
+if [[ "$SSH_ACTIVE" == true ]]; then
+  _ssh_notes=""
+  [[ "$WITH_SSH" == true ]] && _ssh_notes+="- ssh-agent socket forwarded via \$SSH_AUTH_SOCK"$'\n'
+  (( ${#SSH_KEYS[@]} > 0 )) && _ssh_notes+="- Explicit key file(s) mounted read-only at ~/.ssh/"$'\n'
+  SANDBOX_RESTRICTIONS_BLOCK="## Default Restrictions
+
+By default, the following are not mounted into the sandbox:
+- GPG and age keys (~/.gnupg, age key files)
+- Cloud credentials (~/.aws, ~/.config/gcloud)
+- Tailscale state
+
+## SSH
+
+SSH is available in this session:
+${_ssh_notes}
+Use \`git push\`/\`git pull\` over SSH normally."
+  SANDBOX_GIT_TAIL="SSH remotes work in this session."
+  unset _ssh_notes
+else
+  SANDBOX_RESTRICTIONS_BLOCK="## Default Restrictions
+
+By default, the following are not mounted into the sandbox:
+- SSH keys (~/.ssh)
+- GPG and age keys (~/.gnupg, age key files)
+- Cloud credentials (~/.aws, ~/.config/gcloud)
+- Tailscale state
+
+If your setup has been customized, some of these may be available."
+  SANDBOX_GIT_TAIL="For remote operations, prefer HTTPS URLs over SSH since SSH keys are not available by default."
+fi
+
 # Write SANDBOX.md -- fully managed, overwritten every launch (D-02)
-cat > "$HOME/.claudebox/SANDBOX.md" << 'SANDBOXEOF'
+cat > "$HOME/.claudebox/SANDBOX.md" <<SANDBOXEOF
 # Sandbox Environment
 
 You are running inside a bubblewrap (bwrap) sandbox managed by claudebox.
@@ -243,30 +275,21 @@ from the host, with per-project isolation for conversation history.
 You have two ways to install tools on the fly:
 
 **Comma (preferred for quick one-off commands):**
-`, ripgrep` runs ripgrep without permanent installation. Comma uses
+\`, ripgrep\` runs ripgrep without permanent installation. Comma uses
 nix-index to find the right package automatically.
 
 **Nix shell (for persistent access within the session):**
-`nix shell nixpkgs#python3 -c python3 script.py` runs a command with
+\`nix shell nixpkgs#python3 -c python3 script.py\` runs a command with
 a package available. To keep it in your PATH for the session:
-`nix shell nixpkgs#python3` then use `python3` normally.
+\`nix shell nixpkgs#python3\` then use \`python3\` normally.
 
-## Default Restrictions
-
-By default, the following are not mounted into the sandbox:
-- SSH keys (~/.ssh)
-- GPG and age keys (~/.gnupg, age key files)
-- Cloud credentials (~/.aws, ~/.config/gcloud)
-- Tailscale state
-
-If your setup has been customized, some of these may be available.
+${SANDBOX_RESTRICTIONS_BLOCK}
 
 ## Git
 
 Your git identity (name and email) is pre-configured from the host.
-The `safe.directory` setting trusts the mounted working directory.
-For remote operations, prefer HTTPS URLs over SSH since SSH keys
-are not available by default.
+The \`safe.directory\` setting trusts the mounted working directory.
+${SANDBOX_GIT_TAIL}
 SANDBOXEOF
 
 # Generate minimal .gitconfig (D-05)