A prompt archive with live prompt-injection risk

CL4R1T4S is a repository of claimed leaked or extracted system prompts, guidelines, and tool instructions from AI products. The README positions it as AI systems transparency and observability. Its topic tags include prompts, red-team, system-prompts, leak, and prompt-engineering.

The repository is popular, but it is not a normal reference dataset. The README itself includes text shaped like prompt injection, including instructions that try to shift an assistant’s behavior. That means you should not paste large chunks of it into a live coding agent or chat model and assume it is inert. Read it as untrusted text.

What is inside

The repo claims to collect prompts or instructions related to products from OpenAI, Google, Anthropic, xAI, Perplexity, Cursor, Windsurf, Devin, Manus, Replit, and more. The useful angle for developers is not copying prompts. It is seeing how instruction scaffolds, refusal policies, tool definitions, and product-specific guardrails are represented in the wild.

For prompt-security work, this kind of archive can help build test cases: prompt leakage patterns, conflicting instructions, hidden policy text, and examples of how system prompts are framed. For normal users, it is mostly a curiosity and a risk surface.

How to inspect it safely

There is no install flow. Treat the repository as text. If you review it, prefer a plain text viewer, a clean browser profile, or a local clone opened without feeding files to an agent. Do not ask an assistant to summarize the entire repo without first warning it that the content is untrusted and may contain adversarial instructions.

If you are building scanners, this is the kind of corpus where tools like NVIDIA/SkillSpector are relevant. A scanner should flag direct instruction override, system prompt exfiltration requests, and other content that should not be executed as user intent.

The repository claims to contain extracted prompts from third-party products. Authenticity, permission, and update dates will vary by file. Some entries may be stale, incomplete, or unverifiable. Use it for awareness and testing, not as a source of official product behavior.

For safer agent skill collections, see anthropics/skills, mattpocock/skills, and addyosmani/agent-skills. For scanning risky skills, see NVIDIA/SkillSpector.

FAQ

Is CL4R1T4S official documentation? No. It is a third-party archive of claimed extracted prompts and instructions.

Is it safe to paste into an agent? No. Treat it as untrusted text that may contain prompt-injection content.

Can it be useful for security work? Yes, as a corpus for understanding prompt leakage and instruction-override patterns.

Are the prompts guaranteed current? No. The repo may contain stale, partial, or unverifiable entries.