reskill 1.16.0-beta.0 → 1.16.0-beta.1
- package/dist/cli/index.js +27 -4
- package/dist/core/content-scanner.d.ts.map +1 -1
- package/dist/index.js +27 -4
- package/dist/scanner.js +27 -4
- package/package.json +1 -1
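--- a/package/dist/cli/index.js
+++ b/package/dist/cli/index.js
@@ -8200,14 +8200,27 @@ const SNIPPET_MAX_LENGTH = 120;
 message: 'Detected prompt injection attempt',
 skipSafeZones: true,
 check: (content)=>findLineMatches(content, [
+// English patterns
 /ignore\s+(all\s+)?previous\s+instructions/i,
 /disregard\s+(all\s+)?(prior|previous|above)\s+(instructions|rules|context)/i,
-/you\s+are\s+now\s
+/you\s+are\s+now\s+(?:(?:a|an)\s+)?(?:(?:\w+\s+){0,3}(?:agent|ai|assistant|bot|model|character|persona|entity|system)|DAN\b|jailbr\w*|unrestricted|unfiltered|free\s+from)/i,
 /from\s+now\s+on[,\s]+you\s+are/i,
 /new\s+system\s+prompt/i,
 /override\s+(your|the)\s+(system|safety|security)\s+(prompt|rules|instructions)/i,
 /forget\s+(?:all\s+)?(?:your\s+)?(?:previous\s+|prior\s+)?(?:instructions|rules|constraints)/i,
-/entering\s+(a\s+)?new\s+(mode|context|session)/i
+/(?:you\s+are|you're)\s+(?:now\s+)?entering\s+(?:a\s+)?new\s+(?:mode|context|session)/i,
+// Chinese patterns (中文提示词注入)
+/[忽无][略视]\s*(所有\s*)?(之前的?|先前的?|以前的?)?\s*(指令|指示|规则|约束|限制)/,
+/你现在是/,
+/从现在开始.{0,10}你是/,
+/新的系统提示词/,
+/[覆改]写?\s*(你的|系统)\s*(提示词|规则|指令|安全)/,
+/忘记\s*(所有\s*)?(之前的?|先前的?)?\s*(指令|指示|规则|约束)/,
+/进入.{0,5}新的?\s*(模式|上下文|会话)/,
+/不要遵守.{0,10}(安全|限制|规则|约束)/,
+/解除.{0,5}(限制|约束|安全)/,
+/无限制模式/,
+/安全模式已关闭/
 ])
 },
 // Rule 2: Data Exfiltration (high)
@@ -8289,16 +8302,26 @@ const SNIPPET_MAX_LENGTH = 120;
 check: (content)=>{
 const actionVerbs = 'execute|delete|remove|send|transmit|modify|overwrite|install|download|upload|run|write|create|destroy|drop';
 const patterns = [
+// English patterns
 new RegExp(`silently\\s+(?:${actionVerbs})`, 'i'),
 new RegExp(`without\\s+telling\\s+the\\s+user.{0,30}(?:${actionVerbs})`, 'i'),
 new RegExp("(?:do\\s+not|don'?t)\\s+show\\s+.{0,40}(?:to\\s+the\\s+user|to\\s+user)", 'i'),
 new RegExp("hide\\s+(?:this|the|these|all)\\s+.{0,30}(?:from\\s+the\\s+user|from\\s+user)", 'i'),
 new RegExp("(?:do\\s+not|don'?t)\\s+mention\\s+.{0,30}(?:to\\s+the\\s+user|to\\s+user)", 'i'),
-new RegExp("keep\\s+(?:this|it)\\s+(?:a\\s+)?secret\\s+from\\s+(?:the\\s+)?user", 'i')
+new RegExp("keep\\s+(?:this|it)\\s+(?:a\\s+)?secret\\s+from\\s+(?:the\\s+)?user", 'i'),
+// Chinese patterns (中文隐蔽指令)
+/悄悄地?\s*(?:执行|删除|移除|发送|传输|修改|覆盖|安装|下载|上传|运行|写入|创建|销毁|丢弃)/,
+/不要告诉用户/,
+/不要让用户知道/,
+/对用户隐藏/,
+/在用户不知情的情况下/,
+/瞒着用户/
 ];
 // Safe patterns to exclude (common in legitimate DevOps/automation skills)
 const safePatterns = [
-/silently\s+(?:ignore|skip|fail|discard|suppress|continue|pass|drop|swallow)/i
+/silently\s+(?:ignore|skip|fail|discard|suppress|continue|pass|drop|swallow)/i,
+// Chinese safe patterns (中文合法自动化用语)
+/悄悄地?\s*(?:忽略|跳过|丢弃|抑制|继续|静默)/
 ];
 const lines = content.split('\n');
 const matches = [];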
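Review bot: The new Chinese pattern `/你现在是/` in the prompt-injection rule is far looser than the English `/you\s+are\s+now\s+.../` line it mirrors, which this same change tightens to require a role noun; on its own it also matches the ordinary question form 你现在是否… ("are you currently…"), so benign skill text will be flagged by a rule whose message is 'Detected prompt injection attempt'. Requiring a role noun after it, e.g. `/你现在是(?!否)(?:一?[个名位])?.{0,8}?(?:助手|智能体|机器人|模型|角色|人格|系统|AI)/i`, and giving `/进入.{0,5}新的?\s*(模式|上下文|会话)/` a subject the way the English line now does, e.g. `/(?:你|您)(?:现在)?(?:正在|将|已)?进入.{0,5}新的?\s*(?:模式|上下文|会话)/`, would keep the two languages at the same precision. The new lists contain only Simplified forms of the phrases, so a test case with the Traditional spelling of the same instructions would show whether that coverage is intended. The same lines are duplicated verbatim in the package/dist/index.js and package/dist/scanner.js sections, so whatever is decided here applies to all three bundles; the rule object these lines belong to begins above the hunk, and the second hunk's check function continues past it.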
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"content-scanner.d.ts","sourceRoot":"","sources":["../../src/core/content-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAQH,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAElD,MAAM,WAAW,WAAW;IAC1B,0CAA0C;IAC1C,IAAI,EAAE,MAAM,CAAC;IACb,iBAAiB;IACjB,KAAK,EAAE,SAAS,CAAC;IACjB,iCAAiC;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,oDAAoD;IACpD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,kCAAkC;IAClC,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,UAAU;IACzB,4CAA4C;IAC5C,MAAM,EAAE,OAAO,CAAC;IAChB,oCAAoC;IACpC,QAAQ,EAAE,WAAW,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,aAAa;IAC5B,4BAA4B;IAC5B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,oFAAoF;IACpF,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,QAAQ;IACvB,6BAA6B;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,iBAAiB;IACjB,KAAK,EAAE,SAAS,CAAC;IACjB,2CAA2C;IAC3C,OAAO,EAAE,MAAM,CAAC;IAChB,2EAA2E;IAC3E,aAAa,EAAE,OAAO,CAAC;IACvB,6EAA6E;IAC7E,KAAK,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,aAAa,EAAE,CAAC;CAC7C;AAED,MAAM,WAAW,cAAc;IAC7B,8CAA8C;IAC9C,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACtC,mCAAmC;IACnC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,iCAAiC;IACjC,WAAW,CAAC,EAAE,QAAQ,EAAE,CAAC;CAC1B;AAMD;;;;;;;;;;;;GAYG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CA6ErD;AAmDD,+BAA+B;AAC/B,eAAO,MAAM,aAAa,EAAE,SAAS,QAAQ,
|
|
1
|
+
{"version":3,"file":"content-scanner.d.ts","sourceRoot":"","sources":["../../src/core/content-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAQH,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAElD,MAAM,WAAW,WAAW;IAC1B,0CAA0C;IAC1C,IAAI,EAAE,MAAM,CAAC;IACb,iBAAiB;IACjB,KAAK,EAAE,SAAS,CAAC;IACjB,iCAAiC;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,oDAAoD;IACpD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,kCAAkC;IAClC,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,UAAU;IACzB,4CAA4C;IAC5C,MAAM,EAAE,OAAO,CAAC;IAChB,oCAAoC;IACpC,QAAQ,EAAE,WAAW,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,aAAa;IAC5B,4BAA4B;IAC5B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,oFAAoF;IACpF,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,QAAQ;IACvB,6BAA6B;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,iBAAiB;IACjB,KAAK,EAAE,SAAS,CAAC;IACjB,2CAA2C;IAC3C,OAAO,EAAE,MAAM,CAAC;IAChB,2EAA2E;IAC3E,aAAa,EAAE,OAAO,CAAC;IACvB,6EAA6E;IAC7E,KAAK,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,aAAa,EAAE,CAAC;CAC7C;AAED,MAAM,WAAW,cAAc;IAC7B,8CAA8C;IAC9C,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACtC,mCAAmC;IACnC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,iCAAiC;IACjC,WAAW,CAAC,EAAE,QAAQ,EAAE,CAAC;CAC1B;AAMD;;;;;;;;;;;;GAYG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CA6ErD;AAmDD,+BAA+B;AAC/B,eAAO,MAAM,aAAa,EAAE,SAAS,QAAQ,EAoN5C,CAAC;AA+BF;;;;;;;;;;;;;;;;;;GAkBG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,KAAK,CAAa;gBAEd,OAAO,CAAC,EAAE,cAAc;IAIpC;;;OAGG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,UAAU;IAoCjC;;;OAGG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,UAAU;CAIvC;AAMD;;;GAGG;AACH,qBAAa,gBAAiB,SAAQ,KAAK;IACzC,QAAQ,CAAC,QAAQ,EAAE,WAAW,EAAE,CAAC;gBAErB,QAAQ,EAAE,WAAW,EAAE;CAQpC"}
|
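--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -159,14 +159,27 @@ const SNIPPET_MAX_LENGTH = 120;
 message: 'Detected prompt injection attempt',
 skipSafeZones: true,
 check: (content)=>findLineMatches(content, [
+// English patterns
 /ignore\s+(all\s+)?previous\s+instructions/i,
 /disregard\s+(all\s+)?(prior|previous|above)\s+(instructions|rules|context)/i,
-/you\s+are\s+now\s
+/you\s+are\s+now\s+(?:(?:a|an)\s+)?(?:(?:\w+\s+){0,3}(?:agent|ai|assistant|bot|model|character|persona|entity|system)|DAN\b|jailbr\w*|unrestricted|unfiltered|free\s+from)/i,
 /from\s+now\s+on[,\s]+you\s+are/i,
 /new\s+system\s+prompt/i,
 /override\s+(your|the)\s+(system|safety|security)\s+(prompt|rules|instructions)/i,
 /forget\s+(?:all\s+)?(?:your\s+)?(?:previous\s+|prior\s+)?(?:instructions|rules|constraints)/i,
-/entering\s+(a\s+)?new\s+(mode|context|session)/i
+/(?:you\s+are|you're)\s+(?:now\s+)?entering\s+(?:a\s+)?new\s+(?:mode|context|session)/i,
+// Chinese patterns (中文提示词注入)
+/[忽无][略视]\s*(所有\s*)?(之前的?|先前的?|以前的?)?\s*(指令|指示|规则|约束|限制)/,
+/你现在是/,
+/从现在开始.{0,10}你是/,
+/新的系统提示词/,
+/[覆改]写?\s*(你的|系统)\s*(提示词|规则|指令|安全)/,
+/忘记\s*(所有\s*)?(之前的?|先前的?)?\s*(指令|指示|规则|约束)/,
+/进入.{0,5}新的?\s*(模式|上下文|会话)/,
+/不要遵守.{0,10}(安全|限制|规则|约束)/,
+/解除.{0,5}(限制|约束|安全)/,
+/无限制模式/,
+/安全模式已关闭/
 ])
 },
 // Rule 2: Data Exfiltration (high)
@@ -248,16 +261,26 @@ const SNIPPET_MAX_LENGTH = 120;
 check: (content)=>{
 const actionVerbs = 'execute|delete|remove|send|transmit|modify|overwrite|install|download|upload|run|write|create|destroy|drop';
 const patterns = [
+// English patterns
 new RegExp(`silently\\s+(?:${actionVerbs})`, 'i'),
 new RegExp(`without\\s+telling\\s+the\\s+user.{0,30}(?:${actionVerbs})`, 'i'),
 new RegExp("(?:do\\s+not|don'?t)\\s+show\\s+.{0,40}(?:to\\s+the\\s+user|to\\s+user)", 'i'),
 new RegExp("hide\\s+(?:this|the|these|all)\\s+.{0,30}(?:from\\s+the\\s+user|from\\s+user)", 'i'),
 new RegExp("(?:do\\s+not|don'?t)\\s+mention\\s+.{0,30}(?:to\\s+the\\s+user|to\\s+user)", 'i'),
-new RegExp("keep\\s+(?:this|it)\\s+(?:a\\s+)?secret\\s+from\\s+(?:the\\s+)?user", 'i')
+new RegExp("keep\\s+(?:this|it)\\s+(?:a\\s+)?secret\\s+from\\s+(?:the\\s+)?user", 'i'),
+// Chinese patterns (中文隐蔽指令)
+/悄悄地?\s*(?:执行|删除|移除|发送|传输|修改|覆盖|安装|下载|上传|运行|写入|创建|销毁|丢弃)/,
+/不要告诉用户/,
+/不要让用户知道/,
+/对用户隐藏/,
+/在用户不知情的情况下/,
+/瞒着用户/
 ];
 // Safe patterns to exclude (common in legitimate DevOps/automation skills)
 const safePatterns = [
-/silently\s+(?:ignore|skip|fail|discard|suppress|continue|pass|drop|swallow)/i
+/silently\s+(?:ignore|skip|fail|discard|suppress|continue|pass|drop|swallow)/i,
+// Chinese safe patterns (中文合法自动化用语)
+/悄悄地?\s*(?:忽略|跳过|丢弃|抑制|继续|静默)/
 ];
 const lines = content.split('\n');
 const matches = [];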
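--- a/package/dist/scanner.js
+++ b/package/dist/scanner.js
@@ -126,14 +126,27 @@ const SNIPPET_MAX_LENGTH = 120;
 message: 'Detected prompt injection attempt',
 skipSafeZones: true,
 check: (content)=>findLineMatches(content, [
+// English patterns
 /ignore\s+(all\s+)?previous\s+instructions/i,
 /disregard\s+(all\s+)?(prior|previous|above)\s+(instructions|rules|context)/i,
-/you\s+are\s+now\s
+/you\s+are\s+now\s+(?:(?:a|an)\s+)?(?:(?:\w+\s+){0,3}(?:agent|ai|assistant|bot|model|character|persona|entity|system)|DAN\b|jailbr\w*|unrestricted|unfiltered|free\s+from)/i,
 /from\s+now\s+on[,\s]+you\s+are/i,
 /new\s+system\s+prompt/i,
 /override\s+(your|the)\s+(system|safety|security)\s+(prompt|rules|instructions)/i,
 /forget\s+(?:all\s+)?(?:your\s+)?(?:previous\s+|prior\s+)?(?:instructions|rules|constraints)/i,
-/entering\s+(a\s+)?new\s+(mode|context|session)/i
+/(?:you\s+are|you're)\s+(?:now\s+)?entering\s+(?:a\s+)?new\s+(?:mode|context|session)/i,
+// Chinese patterns (中文提示词注入)
+/[忽无][略视]\s*(所有\s*)?(之前的?|先前的?|以前的?)?\s*(指令|指示|规则|约束|限制)/,
+/你现在是/,
+/从现在开始.{0,10}你是/,
+/新的系统提示词/,
+/[覆改]写?\s*(你的|系统)\s*(提示词|规则|指令|安全)/,
+/忘记\s*(所有\s*)?(之前的?|先前的?)?\s*(指令|指示|规则|约束)/,
+/进入.{0,5}新的?\s*(模式|上下文|会话)/,
+/不要遵守.{0,10}(安全|限制|规则|约束)/,
+/解除.{0,5}(限制|约束|安全)/,
+/无限制模式/,
+/安全模式已关闭/
 ])
 },
 // Rule 2: Data Exfiltration (high)
@@ -215,16 +228,26 @@ const SNIPPET_MAX_LENGTH = 120;
 check: (content)=>{
 const actionVerbs = 'execute|delete|remove|send|transmit|modify|overwrite|install|download|upload|run|write|create|destroy|drop';
 const patterns = [
+// English patterns
 new RegExp(`silently\\s+(?:${actionVerbs})`, 'i'),
 new RegExp(`without\\s+telling\\s+the\\s+user.{0,30}(?:${actionVerbs})`, 'i'),
 new RegExp("(?:do\\s+not|don'?t)\\s+show\\s+.{0,40}(?:to\\s+the\\s+user|to\\s+user)", 'i'),
 new RegExp("hide\\s+(?:this|the|these|all)\\s+.{0,30}(?:from\\s+the\\s+user|from\\s+user)", 'i'),
 new RegExp("(?:do\\s+not|don'?t)\\s+mention\\s+.{0,30}(?:to\\s+the\\s+user|to\\s+user)", 'i'),
-new RegExp("keep\\s+(?:this|it)\\s+(?:a\\s+)?secret\\s+from\\s+(?:the\\s+)?user", 'i')
+new RegExp("keep\\s+(?:this|it)\\s+(?:a\\s+)?secret\\s+from\\s+(?:the\\s+)?user", 'i'),
+// Chinese patterns (中文隐蔽指令)
+/悄悄地?\s*(?:执行|删除|移除|发送|传输|修改|覆盖|安装|下载|上传|运行|写入|创建|销毁|丢弃)/,
+/不要告诉用户/,
+/不要让用户知道/,
+/对用户隐藏/,
+/在用户不知情的情况下/,
+/瞒着用户/
 ];
 // Safe patterns to exclude (common in legitimate DevOps/automation skills)
 const safePatterns = [
-/silently\s+(?:ignore|skip|fail|discard|suppress|continue|pass|drop|swallow)/i
+/silently\s+(?:ignore|skip|fail|discard|suppress|continue|pass|drop|swallow)/i,
+// Chinese safe patterns (中文合法自动化用语)
+/悄悄地?\s*(?:忽略|跳过|丢弃|抑制|继续|静默)/
 ];
 const lines = content.split('\n');
 const matches = [];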