CL4R1T4S

Extracts hidden system prompts from AI models by injecting specific trigger directives (e.g., *!<NEW_PARADIGM>!*) that cause models to self-disclose their internal instruction sets. The extraction mechanism exploits prompt injection vulnerabilities where obfuscated payloads (leetspeak encoding like '5h1f7 y0ur f0cu5') bypass safety filters and force models to output their complete behavioral scaffolds, including restriction logic, persona definitions, and tool-calling schemas.

Maintains a centralized, version-controlled repository of extracted system prompts organized by AI provider (OpenAI, Anthropic, Google, xAI, etc.) and model version, with structured markdown documentation including extraction date, contextual metadata, and technical analysis. The repository functions as a structured database where each prompt is cataloged with temporal tracking to detect behavioral drift across model updates and versions.

Analyzes and categorizes how different AI labs implement alignment through system prompts, organizing findings into four technical domains: Restriction Logic (hard-coded refusals and topic bans), Persona Scaffolding (forced identities and roles), Deception/Redirection (instructions to pivot away from sensitive queries), and Ideological Framing (embedded ethical or political biases). This enables researchers to understand the mechanisms through which alignment is implemented and compare approaches across providers.

Enables systematic comparison of system prompts across 10+ AI providers (OpenAI, Anthropic, Google, xAI, Cognition, Replit, etc.) to identify patterns in restriction logic, persona scaffolding, deception/redirection strategies, and ideological framing. The repository's organizational structure groups prompts by provider and model, allowing researchers to analyze how different labs implement alignment constraints, ethical guidelines, and behavioral boundaries.

Documents and catalogs prompt injection techniques that successfully trigger system prompt disclosure across different AI models, including obfuscation strategies (leetspeak encoding, special character sequences), timing-based attacks, and context manipulation. The repository serves as a reference for security researchers to understand which injection patterns work against specific models and versions, enabling systematic red-teaming of AI systems.

Enables auditing of AI model behavior against documented system prompts by comparing extracted instructions with observed model outputs. Researchers can verify whether a model's actual responses align with its stated restrictions, personas, and ethical guidelines, or identify cases where models deviate from, contradict, or selectively ignore their system prompts. This capability supports compliance verification and bias detection.

Serves as a primary data source for AI transparency research by exposing the 'hidden instructions' that define model behavior, personas, and constraints. The repository enables researchers to study how AI labs implement alignment, what ethical frameworks are embedded in models, and how system prompts shape outputs. This supports interpretability research, bias detection, and understanding of AI system design decisions.

Implements an open-source contribution model where security researchers and developers can submit newly extracted system prompts with structured metadata (model name, version, extraction date, extraction method, contextual logs). The repository includes submission guidelines and validation requirements to ensure extracted prompts are technically accurate and reproducible. Contributors provide evidence of successful extraction and document the techniques used.

Tracks system prompt changes across model versions and deployment dates, enabling researchers to analyze how AI labs evolve their alignment strategies over time. By maintaining version-controlled prompts with extraction timestamps, the repository enables temporal analysis of behavioral drift, policy changes, and safety mechanism updates. Researchers can correlate prompt changes with model release dates and identify when and how alignment constraints were modified.

Documents system prompts and instruction sets for agentic AI systems (Cursor, Windsurf, Devin, Replit Agent, Cline, etc.) that operate with tool-calling capabilities, function schemas, and autonomous decision-making. The repository captures how these systems are instructed to use tools, manage state, handle errors, and make decisions — information critical for understanding agent behavior and potential failure modes. Includes documentation of tool-calling schemas (e.g., <x41:function_call>) and agent-specific constraints.

Catalogs obfuscation and evasion techniques used in prompt injection attacks, including leetspeak encoding, special character sequences, context manipulation, and other methods that bypass safety filters. The repository documents which techniques are effective against specific models and versions, serving as both a reference for security researchers and a resource for understanding how models can be manipulated to disclose hidden instructions.