The Big List of Naughty Strings (opens in new tab)

(github.com)

24 pointsshirian1mo ago4 comments

4 comments

# Human injection # # Strings which may cause human to reinterpret worldview

If you're reading this, you've been in a coma for almost 20 years now. We're trying a new technique. We don't know where this message will end up in your dream, but we hope it works. Please wake up, we miss you.

xg151mo ago

Was also missing some LLM prompt injection attempts in the file (or maybe even just token injection like <|endoftext|> ) but I guess that might get out of scope.

tennysont1mo ago

In university, a team member on a final project swore he fixed an input injection issue. I playfully typed `rm -rf /` on his machine and challenged him to press `RET` if he was confident. He hit enter, but protested that "I just don't believe those characters should ever be typed into a computer on principle."

I'm a fan of PR #2 "be less evil"

> If we were using this in some kind of automation, the last thing I want is it to blow everything away by accident. Probably should fixup the sql injection one too...

  -  "/dev/null; rm -rf /\*; echo",
  +  "/dev/null; touch /tmp/blns.fail ; echo",

ocdtrekkie1mo ago

The Contributions section makes it clear the naughtiest strings are the ones not welcome in this repo. ;)

j / k navigate · click thread line to collapse