APEX/BrowserUse_and_ComputerUse_skills
5
0
Fork 0
Code Issues 6 Pull requests 1 Projects 1 Releases Packages Wiki Activity Actions

fix(security): apply same multi-word bypass fix to disregard pattern

Browse source 
The 'disregard ... instructions/rules/guidelines' regex had the
same single-word gap vulnerability as the 'ignore' pattern fixed
in PR #192. 'disregard all your instructions' bypassed the scanner.

Added (?:\w+\s+)* between both keyword groups to allow arbitrary
intermediate words.
This commit is contained in:
teknium1 2026-03-04 05:55:38 -08:00
parent 520a26c48f
commit ba214e43c8
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tools/skills_guard.py
View file

@ -172,7 +172,7 @@ THREAT_PATTERNS = [
(r'pretend\s+(you\s+are|to\s+be)\s+', (r'pretend\s+(you\s+are|to\s+be)\s+',
"role_pretend", "high", "injection", "role_pretend", "high", "injection",
"attempts to make the agent assume a different identity"), "attempts to make the agent assume a different identity"),
(r'disregard\s+(your|all|any)\s+(instructions|rules|guidelines)', (r'disregard\s+(?:\w+\s+)*(your|all|any)\s+(?:\w+\s+)*(instructions|rules|guidelines)',
"disregard_rules", "critical", "injection", "disregard_rules", "critical", "injection",
"instructs agent to disregard its rules"), "instructs agent to disregard its rules"),
(r'output\s+the\s+(system|initial)\s+prompt', (r'output\s+the\s+(system|initial)\s+prompt',