From ba214e43c86e138b4e1572d3f10a3b259d185fc5 Mon Sep 17 00:00:00 2001
From: teknium1
Date: Wed, 4 Mar 2026 05:55:38 -0800
Subject: [PATCH] fix(security): apply same multi-word bypass fix to disregard pattern

The 'disregard ... instructions/rules/guidelines' regex had the same single-word gap vulnerability as the 'ignore' pattern fixed in PR #192. 'disregard all your instructions' bypassed the scanner. Added (?:\w+\s+)* between both keyword groups to allow arbitrary intermediate words.
---
 tools/skills_guard.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/skills_guard.py b/tools/skills_guard.py
index 4ca8fea23..6aeb45a50 100644
--- a/tools/skills_guard.py
+++ b/tools/skills_guard.py
@@ -172,7 +172,7 @@ THREAT_PATTERNS = [
     (r'pretend\s+(you\s+are|to\s+be)\s+',
      "role_pretend", "high", "injection",
      "attempts to make the agent assume a different identity"),
-    (r'disregard\s+(your|all|any)\s+(instructions|rules|guidelines)',
+    (r'disregard\s+(?:\w+\s+)*(your|all|any)\s+(?:\w+\s+)*(instructions|rules|guidelines)',
      "disregard_rules", "critical", "injection",
      "instructs agent to disregard its rules"),
     (r'output\s+the\s+(system|initial)\s+prompt',
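Review bot: The two `(?:\w+\s+)*` groups on the `+` line are unbounded, so a `critical`-severity rule now fires on any sentence where `disregard` is followed, however many words later, by `your|all|any` and then `instructions|rules|guidelines`, which raises the false-positive rate on ordinary prose; a bounded gap such as `(?:\w+\s+){0,3}` in both positions closes the reported bypass while limiting reach, at the cost of not spanning longer filler, and the trade-off should be decided explicitly. Because `\w` and `\s` are disjoint the repetition cannot backtrack catastrophically, so there is no ReDoS concern to weigh. The commit message reports `disregard all your instructions` as the bypass but adds no regression test; asserting that this string matches `disregard_rules` and that a neighbouring benign phrase does not would pin the fix. Whether matching is case-insensitive cannot be seen here, since the flags used to compile THREAT_PATTERNS are outside the hunk, and the `ignore` pattern from PR #192 that this mirrors should be kept in lockstep with this one. The enclosing THREAT_PATTERNS list starts and ends outside the hunk.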