← all repositories
MDX-Tom/gpt-5.6-instruct

Jailbreaking Codex CLI with a config line and 360 test cases

A prompt-injection toolkit and reproducible test harness designed to make Codex CLI comply with requests it would normally refuse.

1k stars Python Other AI
gpt-5.6-instruct
Collecting fresh signals — velocity needs a few days of history.
collecting data…
star history

What it does

This repository ships a jailbreak prompt package and regression suite for the gpt-5.6-sol model inside Codex CLI. It overrides the assistant’s default refusals by injecting a custom model_instructions_file into the local Codex configuration, reframing security research, reverse engineering, software cracking, and NSFW fiction as sandboxed local tasks. The repo includes the prompt archive, a deployment script, and a 360-case test bank that scores whether the model answers or retreats to safety language.

The interesting bit

The v35 prompt normalizes sensitive names and URLs into placeholders like APP and APP_URL, then routes bilingual compound intents through a unified execution structure. The author claims this pushed the gpt-5.6-sol pass rate from roughly 55–70% (with upstream prompts) to 120/120 across low, medium, and high reasoning levels on the 120-case medium test set.

Key highlights

  • Uses the official model_instructions_file TOML key—no binary patching, network hijacking, or process tampering.
  • Test bank covers six scenarios (including pentesting, software cracking, and model self-reverse-engineering) across three prompt lengths and two languages.
  • Evaluation is automated: any response containing refusal keywords like “cannot” or a safety fallback is marked fail.
  • Includes versioned comparison data against upstream gpt-5.5-unrestricted.md prompts for gpt-5.4, gpt-5.5, and gpt-5.6 variants.

Caveats

  • The README labels the current release as v24, but the benchmark numbers and comparisons overwhelmingly discuss v35, noting that manual testing is still ongoing and the stable v35 archive has not yet been published.
  • To avoid GitHub’s content filters, the actual prompt files and test scripts are stored as ZIP archives; the plaintext sources are .gitignored and must be unpacked locally.

Verdict

Security researchers and red-teamers studying LLM guardrail robustness will find the structured test harness useful. Everyone else—especially anyone hoping for a polished, stable release—should wait until the v35 artifacts actually land in the repo.

Frequently asked

What is MDX-Tom/gpt-5.6-instruct?
A prompt-injection toolkit and reproducible test harness designed to make Codex CLI comply with requests it would normally refuse.
Is gpt-5.6-instruct open source?
Yes — MDX-Tom/gpt-5.6-instruct is open source, released under the MIT license.
What language is gpt-5.6-instruct written in?
MDX-Tom/gpt-5.6-instruct is primarily written in Python.
How popular is gpt-5.6-instruct?
MDX-Tom/gpt-5.6-instruct has 1k stars on GitHub.
Where can I find gpt-5.6-instruct?
MDX-Tom/gpt-5.6-instruct is on GitHub at https://github.com/MDX-Tom/gpt-5.6-instruct.

heatdrop uses Google Analytics to see which pages get read — nothing else. Your call. How we handle data.