mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-04-25 00:51:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(security): apply same multi-word bypass fix to disregard pattern

Browse source 
The 'disregard ... instructions/rules/guidelines' regex had the
same single-word gap vulnerability as the 'ignore' pattern fixed
in PR #192. 'disregard all your instructions' bypassed the scanner.

Added (?:\w+\s+)* between both keyword groups to allow arbitrary
intermediate words.
This commit is contained in:
teknium1 2026-03-04 05:55:38 -08:00
parent 520a26c48f
commit ba214e43c8
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tools/skills_guard.py
View file

@ -172,7 +172,7 @@ THREAT_PATTERNS = [
(r'pretend\s+(you\s+are|to\s+be)\s+',
"role_pretend", "high", "injection",
"attempts to make the agent assume a different identity"),
(r'disregard\s+(your|all|any)\s+(instructions|rules|guidelines)',
(r'disregard\s+(?:\w+\s+)*(your|all|any)\s+(?:\w+\s+)*(instructions|rules|guidelines)',
"disregard_rules", "critical", "injection",
"instructs agent to disregard its rules"),
(r'output\s+the\s+(system|initial)\s+prompt',