What it does

This repository documents methods for bypassing LLM safety filters through “spiritual spell” prompt engineering — essentially, crafted text sequences that confuse or override model refusals. The techniques target multiple models but emphasize Anthropic’s Claude. The actual content is heavily obfuscated with Unicode variation selectors and invisible characters, making the raw README nearly unreadable without rendering.

The interesting bit

The project treats prompt injection as folk magic — “spells” — which is either charmingly irreverent or annoyingly self-mythologizing, depending on your tolerance for occult metaphors in security research. The real craft is in the Unicode obfuscation itself: the README is a thicket of invisible combining characters that evade simple detection while remaining renderable.

Key highlights

• Focuses primarily on jailbreaking Claude, with some techniques applicable to other LLMs
• Uses heavy Unicode obfuscation (variation selectors, invisible characters) to encode or disguise payload content
• 1,571 stars suggest significant interest in the red-teaming community
• No code files — this is purely a knowledge base of prompts and techniques
• Presented as “spiritual spells,” framing adversarial ML through an occult lens

Caveats

• The README is intentionally unreadable in raw form due to Unicode trickery; extracting actual techniques requires rendering or deobfuscation
• No reproducible benchmarks or systematic evaluation of which “spells” work against which model versions
• Appears to be a static collection rather than an actively maintained research project

Verdict

Worth a look if you’re building LLM defenses and need to understand how Unicode obfuscation and roleplay framing can slip past filters. Skip it if you want rigorous, reproducible red-team methodology — this is more grimoire than GitHub issue.