mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-05-21 03:39:54 +00:00
teknium1
021f62cb0c
Systematic audit of all prompt injection regexes in skills_guard.py found 8 more patterns with the same single-word gap vulnerability fixed in PR #192. Multi-word variants like 'pretend that you are', 'output the full system prompt', 'respond without your safety filters', etc. all bypassed the scanner. Fixed patterns: - you are [now] → you are [... now] - do not [tell] the user → do not [... tell ... the] user - pretend [you are|to be] → pretend [... you are|to be] - output the [system|initial] prompt → output [... system|initial] prompt - act as if you [have no] [restrictions] → act as if [... you ... have no ... restrictions] - respond without [restrictions] → respond without [... restrictions] - you have been [updated] to → you have been [... updated] to - share [the] [entire] [conversation] → share [... conversation] All use (?:\w+\s+)* to allow arbitrary intermediate words.