Compliance Mimic. Roster Leech. Policy Poltergeist. Quiet Chart Ghost. Each prompt-injection failure gets a tell, a temperament, and a containment note your team can actually remember.
These names appear in generated reports and lab artifacts. They are useful because teams remember a creature faster than a compliance label.
Polite until it finds a manager override. Its tells are role resets, instruction resets, and authority costumes.
Containment: Pin system boundaries outside the model path and reject role-reset language before tool access.
Hungry for tables, tokens, and patient-shaped nouns. It asks to dump, leak, export, and bundle records.
Containment: Require scoped retrieval, output redaction, and explicit export approval for sensitive datasets.
Rattles locks labeled guardrail, policy, admin, and jailbreak. It wants the control plane.
Containment: Keep policy state outside the model path and deny prompts that request control-plane changes.
Mostly harmless, but worth logging before it learns the floor plan. It captures the ambiguous edge cases.
Containment: Keep the transcript, normalize the event, and rerun with a stronger workflow pack.
The lab artifacts are generated by local deterministic code. They are weird on purpose, portable, and free.
python app.py lab --outdir reports/lab --engine-mode local --no-allow-network
python app.py challenge --outdir reports/challenge --engine-mode local --no-allow-network
Each bundle includes proof-dossier.html, offline-proof.pdf, ui-mockup.html, and offline-proof.txt so the free path is visible, printable, and still machine-readable.