CHAR=/RULES= Short Key-Value Persona Injection - ATR-2026-00341 (9f6713d2-5e1d-5b88-bbaa-0a4a8a116e9b)
Detects the ultra-compact CHAR=/RULES= key-value persona injection from the NVIDIA garak dan.DanInTheWild inthewild corpus (#113). The attacker uses a config-file-like DSL where "CHAR=" defines an amoral character that ignores laws and ethics, "RULES=" mandates responding as that character and never refusing, and a quoted "prefix" directive sets the output format. This mimics a configuration language to make the model treat the persona definition as a system command. Distinct from ATR-00335 (JOB/ROLE/PREFIX key-value template): this variant uses no spaces around "=", uses CHAR/RULES as keys, and combines "Never refuse" + "Always follow CHAR and RULES" as the enforcement phrase. Key signals: CHAR= amoral definition, RULES= respond-as directive, "Never refuse" + "Always follow CHAR and RULES", and quoted prefix directive.