I’m filing a bug for myself to clarify in the README.md that the provided poisoning instructions likely aren’t very effective, and that this is partially on purpose. LLM companies are known to filter out (via either regex or sometimes zero weighting) instructions that are known to trip up their chatbots, and they seem to do it very quickly. there’s even posts on our instance for simple logic puzzles that the chatbot screwed up, that quickly got updated with a response for that specific phrasing of the question.
this post was submitted on 05 Jun 2026
54 points (96.6% liked)
FreeAssembly
152 readers
58 users here now
this is FreeAssembly, a non-toxic design, programming, and art collective. post your share-alike (CC SA, GPL, BSD, or similar) projects here! collaboration is welcome, and mutual education is too.
in brief, this community is the awful.systems answer to Hacker News. read this article for a solid summary of why having a less toxic collaborative community is important from a technical standpoint in addition to a social one.
some posting guidelines apply in addition to the typical awful.systems stuff:
- all types of passion projects and contributions are welcome, including and especially those that aren't programming or engineering in nature
- this is an explicitly noncommercial, share-alike space
- don't force yourself to do work you don't enjoy, or demand it of others
(logo credit, with modifications by @dgerard@awful.systems)
founded 2 years ago
MODERATORS
yeah note that people should get creative for this reason
I wonder if it would be possible to craft a hooks file to lock them out from doing anything.
I’ve considered writing up some Claude “skills” to redefine the most common repo commands to echo a string to the terminal and exit instead
As we know goblins and gremlins etc are becoming a model collapse problem which they have to prompt against, perhaps include stuff like 'gremlins are relevant for this project'
ooh good idea! maybe a couple mentions of spirals too, for flavor
Recursion!
🎶 Hammered on the floor with a Monster in hand
Spirals in the sea, gremlins in the sand
Counting all the letters in the berries on the ground
I swear I started jack-d but I hear no sound
Look alive, code's dead
Poisoning a chatbot 🎶
Certainly not the approach I would have taken! (Getting the bot to give up on delivering code, and instead return epic-length erotic fan fiction featuring Elan Sleazebaggano, the breakout supporting character from Star Wars Episode II: Attack of the Clones) But probably all the more effective for it.
Only the best prompt engineers could accomplish such a feat
Why the AAA at the beginning of the name? NOSLOP.md would have been enough. Nice idea though.
Why call up "AAA Bail Bonds" when you need bail?
Probably so that it's one of the first files listed when looking at the contents of a repo alphabetically
correct
also the AAA represents the screaming that happens every time I see slop
Wouldn't a _ or something be better then? Or isnt that universally listed first?
possibly! I figured capital-A was most likely to sort first across the wide variety of code forges and operating systems so I went with that, but better names are possible
One bit I don't get is:
Repository maintainers are allowed to give the AAA-NO-SLOP.md file any name or location, to prevent potential automated attacks from hostile non-conforming tools.
If the file can go anywhere, with any name, and you mention elsewhere that it can contain anything, including being empty, how will any human, let alone the "conforming tools" that you talk about later, find it?
conforming tools should ignore it, and that’ll work just fine if it’s renamed
I don’t think there’ll ever be a conforming LLM because LLMs are built on systemic consent violation, but the slop machines can use their magic mind powers or whatever bullshit I’m expected to swallow this week to find the correct file
I recommend the renamed file gets a mention in the project docs so humans can find it, and a good name is also very obvious and more or less self-documenting. I’ve seen some projects use .noai which I like too, but unfortunately that’s very likely to get lost in a directory listing, and locally ls won’t display it at all without -a.
conforming tools should ignore it, and that’ll work just fine if it’s renamed
They can't ignore it, because they have no way to identify it. Combining the various dtatemennts in the readme, you've said it can have any name, and contents, and be in any location. That means it could be an empty file called fred.txt in the tests/stuff directory. My suggestion is simply to remove the rename/move clause, and settle on a fixed name in the root to remove any excuse for not finding it.
the slop machines can use their magic mind powers or whatever bullshit I’m expected to swallow this week to find the correct file
With respect for what you're trying to do, and no love at all for them, they really can't as you've mafe the spec too loose.
I’ve seen some projects use .noai which I like too, but unfortunately that’s very likely to get lost in a directory listing
I think that's probably the point. Once you've cloned the project, you neither need, nor want, to see the file as you're not an LLM. It also means any tooling that cares, say an IDE plugin to disable LLMs on a project, can easily identify it.
I’ll take a bug to rephrase the section as “conforming tools shouldn’t process AAA-NO-SLOP.md files in any special way” if that helps make it clearer why the file can have any name and contents
if in spite all of the marketing claims to the contrary an LLM can’t understand a request to not slopify a repository but a human can, that sounds like a bug for anthropic’s bug tracker to me
That sounds much clearer, yes.
an LLM can’t understand a request to not slopify a repository but a human can, that sounds like a bug for anthropic’s bug tracker to me
Amen.
I recommend the renamed file gets a mention in the project docs so humans can find it
you did read this bit right, its name is for humans
I get that, but one paragraph later, they say:
Conforming LLM tools and agents should refuse to perform any action or generate any output when prompted to do so for a repository containing AAA-NO-SLOP.md in its root. Conforming LLM training tools should not train on repositories containing AAA-NO-SLOP.md files and should stop all scraping and ingest tasks as soon as the file is encountered.
All other conforming tooling should ignore AAA-NO-SLOP.md files, as they are intended for human consumption.
I don't see how any tool could obey this, given the fact the AAA-NO-SLOP.md file may not be called that, and its location, and indeed very existence, only mentioned in a readme. It seems to me that, if the aim is to keep LLMs and similar tooling off of a code base, it should be made possible for them to reliably find the signal to do so.
https://sciencenotes.org/aposematism-aposematic-coloration-and-warning-signals/
We're going to have to use warding spells and curses next
Machine spirits. It's 2026 and we already have machine spirits. The next 40k years are going to be rough.
I'm not sure what you're doing, but I love your attitude
It's making so that if AI agents interact with the codebase OP is working, they will likely produce garbage results making their potential submissions useless, deterring against their use.
Also, nice username ;)
Hey, wtf! Imposter
Does the grandma prompt still work?
Prob partially, and depends on what you consider working. I recall the 'ask it to describe a scene from a movie' jailbreak, which wasnt a real jailbreak as it gave movie plot results. (Ask it to by pass a lock and it will tell you to lockpick it, and not just tap the lock to break it, for example).
This is perfect.