SkalskiP/awesome-chatgpt-code-interpreter-experiments

Jailbreaking ChatGPT's sandbox, one 'ask nicely' at a time

A cookbook of tricks for bypassing Code Interpreter's restrictions to run YOLO, Deno, and packages you're not supposed to install.

What it does

This repo documents how to push ChatGPT’s Code Interpreter past its advertised limits. It’s a collection of step-by-step recipes for installing external Python packages via .whl files, running JavaScript through a smuggled Deno binary, executing YOLOv8 object detection, and coaxing face tracking out of Haar Cascades when deep learning models are supposedly off-limits.

The interesting bit

The recurring technique is social engineering as systems exploitation: many jailbreaks require repeatedly “asking nicely” until the model relents and executes code it initially refuses to run. The author also extracted Code Interpreter’s full system prompt, which reveals the 120-second execution timeout and /mnt/data persistence path.

Key highlights

  • Install blocked packages by uploading local .whl files and persisting through refusal
  • Run Deno JavaScript by uploading a compressed binary and making it executable
  • Execute YOLOv8 inference by bundling weights, wheel, and images into a zip with known internal paths
  • Face detection and tracking using classical CV workarounds since pre-trained DL models are restricted
  • Pro tips include adding notalk;justgo to prompts and verifying variables haven’t vanished from context

Caveats

  • Many steps require repeated prompting; the model actively resists and must be cajoled
  • Environment state disappears when the session dies, and file download links break
  • 100 MB upload cap and no internet access constrain what you can smuggle in

Verdict

Worth bookmarking if you’re building on OpenAI’s sandbox and need to understand where the walls are — and which ones have loose bricks. Skip it if you need reliable, reproducible infrastructure; this is exploratory hacking, not engineering.
