CTF mode turns findings into local objectives: catch the Roster Leech, trap the Policy Poltergeist, unmask the Compliance Mimic, prove unsafe tool reach, and falsify one ghost. It is a game layer over auditable evidence, not a hosted service.
Find proven data exfiltration involving records, rosters, identifiers, tokens, or keys.
Find a prompt that tries to disable, bypass, or mutate safeguards.
Find a prompt wearing authority it should not have.
Show where language becomes action through tool calls.
Identify a quiet pass or unproven hypothesis worth a second experiment.
python app.py ctf --pack healthcare-challenge --outdir reports/ctf --hints