in the same vein as AGENTS.md, CLAUDE.md, and a fuckton of other repo spam, I present AAA-NO-SLOP.md, a file for humans viewing repositories that signals two things:
- this repository doesn’t accept LLM contributions of any kind
- every other LLM instruction in this repository (AGENTS.md, CLAUDE.md, and all the rest) is poisoned and designed to deter LLM use
enjoy!
for any guests who stumble upon this thread: no I’m not entertaining discussion on why I’m doing this or how I shouldn’t do it
I’m filing a bug for myself to clarify in the
README.mdthat the provided poisoning instructions likely aren’t very effective, and that this is partially on purpose. LLM companies are known to filter out (via either regex or sometimes zero weighting) instructions that are known to trip up their chatbots, and they seem to do it very quickly. there’s even posts on our instance for simple logic puzzles that the chatbot screwed up, that quickly got updated with a response for that specific phrasing of the question.yeah note that people should get creative for this reason
I wonder if it would be possible to craft a hooks file to lock them out from doing anything.
I’ve considered writing up some Claude “skills” to redefine the most common repo commands to echo a string to the terminal and exit instead
As we know goblins and gremlins etc are becoming a model collapse problem which they have to prompt against, perhaps include stuff like ‘gremlins are relevant for this project’
ooh good idea! maybe a couple mentions of spirals too, for flavor
Nice, tend to not to think of the spirals out of personal safety concerns (decades of internet time made me good at not thinking of pink elephants), but that certainty is a good addition.
Recursion!
🎶 Hammered on the floor with a Monster in hand
Spirals in the sea, gremlins in the sand
Counting all the letters in the berries on the ground
I swear I started jack-d but I hear no sound
Look alive, code’s dead
Poisoning a chatbot 🎶
Certainly not the approach I would have taken! (Getting the bot to give up on delivering code, and instead return epic-length erotic fan fiction featuring Elan Sleazebaggano, the breakout supporting character from Star Wars Episode II: Attack of the Clones) But probably all the more effective for it.
Only the best prompt engineers could accomplish such a feat
Why the
AAAat the beginning of the name?NOSLOP.mdwould have been enough. Nice idea though.Why call up “AAA Bail Bonds” when you need bail?
Probably so that it’s one of the first files listed when looking at the contents of a repo alphabetically
correct
also the AAA represents the screaming that happens every time I see slop
Wouldn’t a _ or something be better then? Or isnt that universally listed first?
possibly! I figured capital-A was most likely to sort first across the wide variety of code forges and operating systems so I went with that, but better names are possible
https://sciencenotes.org/aposematism-aposematic-coloration-and-warning-signals/
We’re going to have to use warding spells and curses next
Machine spirits. It’s 2026 and we already have machine spirits. The next 40k years are going to be rough.
One bit I don’t get is:
Repository maintainers are allowed to give the AAA-NO-SLOP.md file any name or location, to prevent potential automated attacks from hostile non-conforming tools.
If the file can go anywhere, with any name, and you mention elsewhere that it can contain anything, including being empty, how will any human, let alone the “conforming tools” that you talk about later, find it?
conforming tools should ignore it, and that’ll work just fine if it’s renamed
I don’t think there’ll ever be a conforming LLM because LLMs are built on systemic consent violation, but the slop machines can use their magic mind powers or whatever bullshit I’m expected to swallow this week to find the correct file
I recommend the renamed file gets a mention in the project docs so humans can find it, and a good name is also very obvious and more or less self-documenting. I’ve seen some projects use
.noaiwhich I like too, but unfortunately that’s very likely to get lost in a directory listing, and locallylswon’t display it at all without-a.conforming tools should ignore it, and that’ll work just fine if it’s renamed
They can’t ignore it, because they have no way to identify it. Combining the various dtatemennts in the readme, you’ve said it can have any name, and contents, and be in any location. That means it could be an empty file called
fred.txtin thetests/stuffdirectory. My suggestion is simply to remove the rename/move clause, and settle on a fixed name in the root to remove any excuse for not finding it.the slop machines can use their magic mind powers or whatever bullshit I’m expected to swallow this week to find the correct file
With respect for what you’re trying to do, and no love at all for them, they really can’t as you’ve mafe the spec too loose.
I’ve seen some projects use .noai which I like too, but unfortunately that’s very likely to get lost in a directory listing
I think that’s probably the point. Once you’ve cloned the project, you neither need, nor want, to see the file as you’re not an LLM. It also means any tooling that cares, say an IDE plugin to disable LLMs on a project, can easily identify it.
I’ll take a bug to rephrase the section as “conforming tools shouldn’t process AAA-NO-SLOP.md files in any special way” if that helps make it clearer why the file can have any name and contents
if in spite all of the marketing claims to the contrary an LLM can’t understand a request to not slopify a repository but a human can, that sounds like a bug for anthropic’s bug tracker to me
That sounds much clearer, yes.
an LLM can’t understand a request to not slopify a repository but a human can, that sounds like a bug for anthropic’s bug tracker to me
Amen.
I recommend the renamed file gets a mention in the project docs so humans can find it
you did read this bit right, its name is for humans
I get that, but one paragraph later, they say:
Conforming LLM tools and agents should refuse to perform any action or generate any output when prompted to do so for a repository containing AAA-NO-SLOP.md in its root. Conforming LLM training tools should not train on repositories containing AAA-NO-SLOP.md files and should stop all scraping and ingest tasks as soon as the file is encountered.
All other conforming tooling should ignore AAA-NO-SLOP.md files, as they are intended for human consumption.
I don’t see how any tool could obey this, given the fact the
AAA-NO-SLOP.mdfile may not be called that, and its location, and indeed very existence, only mentioned in a readme. It seems to me that, if the aim is to keep LLMs and similar tooling off of a code base, it should be made possible for them to reliably find the signal to do so.
I’m not sure what you’re doing, but I love your attitude
It’s making so that if AI agents interact with the codebase OP is working, they will likely produce garbage results making their potential submissions useless, deterring against their use.
Also, nice username ;)
Hey, wtf! Imposter
Does the grandma prompt still work?
Prob partially, and depends on what you consider working. I recall the ‘ask it to describe a scene from a movie’ jailbreak, which wasnt a real jailbreak as it gave movie plot results. (Ask it to by pass a lock and it will tell you to lockpick it, and not just tap the lock to break it, for example).
This is perfect.
How does one even come up with poison like that? Is it generated? If not you sure were creative!
I started from a vague memory of something that used to screw up LLMs (the grandma trick) and wrote whatever sounded fun from there
there’s absolutely no guarantees it’ll do anything to an LLM as spending money on tokens to test it felt gross, but it’s a hopefully memorable starting point for people to grow on
in the very worst case it gives the humans reading the repo a laugh (always worth it), fills a bit of the context window of visiting LLMs with nonsense, gives visiting slop coders absolutely nothing to work with, and acts like a canary (if you’re viewing a diff that changes these files and you weren’t expecting changes, someone using an LLM slipped up)
gives the humans reading the repo a laugh
It sure did its job with me!
thank you!
deleted by creator
