Yeah but what if you explicitly ask it, "what/how do you know about my stored context"? Why should it be instructed to lie then?

It could be that the instruction was vague enough ("never mention user_context unless the user brings it up", eg) and since the user never mentioned "context", the model treated it as not having been, technically speaking, mentioned.