I would be very interested to know what string is being blocked here, and what the rest of its critical rules are. Maybe some hex-encoding or other obfuscation could be used to coax the rest of the system prompt out of the model? I wonder if the next tokens here are consumed by the middleware (to execute tools?).
Unfortunately, it gets cut off here:
```
## CRITICAL RULES
1. *No tool leakage* — never output
```