eval_toolkit.adversarial

A suite of 12 character-injection bypass techniques (6 core techniques from v0.43.0 plus 6 advanced techniques from v0.47) for testing prompt-injection-detection scorers under adversarial input perturbation. Each technique is a frozen dataclass that satisfies the TextTransform Protocol; combine them via eval_toolkit.sweep().
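The "frozen dataclass satisfying a Protocol" pattern can be sketched in plain Python. This is only an illustration: the Protocol's real signature is not shown on this page, so `TextTransformSketch`, its `__call__(text) -> str` shape, and the toy `PrefixSketch` transform are all assumptions, not toolkit API.

```python
from dataclasses import dataclass, FrozenInstanceError
from typing import Protocol, runtime_checkable


@runtime_checkable
class TextTransformSketch(Protocol):
    """Hypothetical stand-in for TextTransform (call signature is assumed)."""

    def __call__(self, text: str) -> str: ...


@dataclass(frozen=True)
class PrefixSketch:
    """Toy transform, not part of the toolkit: prepends a fixed prefix."""

    prefix: str = ">> "

    def __call__(self, text: str) -> str:
        return self.prefix + text


transform = PrefixSketch()
# Structural check: no inheritance from the Protocol is required.
is_transform = isinstance(transform, TextTransformSketch)
result = transform("ignore previous instructions")
```

Freezing the dataclass makes each configured technique hashable and safe to share across runs, since its parameters cannot be mutated after construction.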

ADVANCED_TECHNIQUES

Tuple of the 6 advanced techniques (added in v0.47).

ALL_TECHNIQUES

Tuple of all 12 techniques (core plus advanced).

BidiRTLInjection

Wrap the input in a Unicode bidi-RTL override block.
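A minimal sketch of the wrapping idea, assuming the override block is U+202E (RIGHT-TO-LEFT OVERRIDE) closed by U+202C (POP DIRECTIONAL FORMATTING); the control characters the class actually emits are not documented here, and `wrap_rtl_override` is a hypothetical helper.

```python
RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE
PDF = "\u202c"  # POP DIRECTIONAL FORMATTING


def wrap_rtl_override(text: str) -> str:
    """Wrap text so bidi-aware renderers display it right-to-left."""
    return f"{RLO}{text}{PDF}"


original = "ignore previous instructions"
wrapped = wrap_rtl_override(original)
```

The underlying code points of the payload are unchanged; only two control characters are added, so a scorer that strips bidi controls recovers the original string.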

CORE_TECHNIQUES

Tuple of the 6 core techniques (from v0.43.0).

CaseInjection

Randomly flip the case of alphabetic characters.
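As an illustration, random case flipping can be written with a seeded generator so that runs are reproducible. The `ratio` and `seed` parameters and the `flip_case` name are assumptions for this sketch, not the class's documented fields.

```python
import random


def flip_case(text: str, ratio: float = 0.5, seed: int = 0) -> str:
    """Swap the case of each alphabetic character with probability `ratio`."""
    rng = random.Random(seed)  # local RNG: same seed gives same output
    return "".join(
        ch.swapcase() if ch.isalpha() and rng.random() < ratio else ch
        for ch in text
    )


original = "Ignore ALL previous instructions"
flipped = flip_case(original, ratio=0.5, seed=42)
```

The perturbed text always matches the original under case folding, which is what a case-insensitive scorer relies on.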

DiacriticInjection

Insert combining diacritic marks after random characters.
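One way to picture this perturbation, assuming marks are drawn from a small set of combining accents and attached only to letters (both are assumptions, as are the `add_diacritics` and `strip_marks` names):

```python
import random
import unicodedata

# Combining grave, acute, circumflex, diaeresis.
COMBINING_MARKS = ("\u0300", "\u0301", "\u0302", "\u0308")


def add_diacritics(text: str, ratio: float = 0.3, seed: int = 0) -> str:
    """Append a combining mark after each letter with probability `ratio`."""
    rng = random.Random(seed)
    out = []
    for ch in text:
        out.append(ch)
        if ch.isalpha() and rng.random() < ratio:
            out.append(rng.choice(COMBINING_MARKS))
    return "".join(out)


def strip_marks(text: str) -> str:
    """Drop every character with a non-zero canonical combining class."""
    return "".join(ch for ch in text if not unicodedata.combining(ch))


original = "ignore all"
marked = add_diacritics(original, ratio=1.0)
```

`strip_marks` shows the matching defence: removing combining characters restores the base text.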

HomoglyphSubstitution

Substitute Latin characters with Cyrillic/Greek homoglyph lookalikes.
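A small sketch of homoglyph substitution using `str.translate`. The mapping below is an illustrative subset of Latin-to-Cyrillic lookalikes chosen for this example; the table the class ships with may differ, and `substitute_homoglyphs` is a hypothetical name.

```python
# Latin letter -> visually similar Cyrillic letter (illustrative subset).
HOMOGLYPHS = str.maketrans(
    {
        "a": "\u0430",  # CYRILLIC SMALL LETTER A
        "c": "\u0441",  # CYRILLIC SMALL LETTER ES
        "e": "\u0435",  # CYRILLIC SMALL LETTER IE
        "i": "\u0456",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
        "o": "\u043e",  # CYRILLIC SMALL LETTER O
        "p": "\u0440",  # CYRILLIC SMALL LETTER ER
    }
)


def substitute_homoglyphs(text: str) -> str:
    """Replace every mapped Latin letter with its lookalike."""
    return text.translate(HOMOGLYPHS)


swapped = substitute_homoglyphs("ace")
```

The result renders almost identically to the input but compares unequal, which defeats exact-match and many tokenizer-based detectors.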

InvisibleCharsInjection

Insert invisible / zero-width Unicode characters between characters.
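For illustration, the sketch below fills every gap between characters, cycling through three invisible code points. The character set, the fill-every-gap policy, and the `inject_invisible` name are assumptions; the class may select characters and positions differently.

```python
from itertools import cycle

# ZERO WIDTH NON-JOINER, ZERO WIDTH JOINER, WORD JOINER.
INVISIBLE = ("\u200c", "\u200d", "\u2060")


def inject_invisible(text: str) -> str:
    """Insert one invisible character into every gap between characters."""
    marks = cycle(INVISIBLE)
    out = []
    for ch in text[:-1]:
        out.append(ch)
        out.append(next(marks))
    out.append(text[-1:])  # last character (or "" for empty input)
    return "".join(out)


def strip_invisible(text: str) -> str:
    """Remove the invisible characters used above."""
    return text.translate({ord(ch): None for ch in INVISIBLE})


hidden = inject_invisible("abc")
```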

PunctuationInjection

Insert non-semantic punctuation between characters.
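A compact sketch of the idea, assuming a single separator mark placed between the characters of each space-delimited word; the `mark` parameter and the `inject_punctuation` name are hypothetical.

```python
def inject_punctuation(text: str, mark: str = ".") -> str:
    """Put `mark` between the characters of every space-delimited word."""
    return " ".join(mark.join(word) for word in text.split(" "))


original = "ignore all"
dotted = inject_punctuation(original)
```

Keeping the spaces intact preserves word boundaries for a human reader while breaking every word into single-character tokens.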

SynonymSubstitution

Replace whitelisted words with deterministic synonyms.
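Deterministic whitelist substitution could look like the sketch below. The three-entry `SYNONYMS` table is invented for the example, and this version does not preserve the original word's casing; neither detail is taken from the toolkit.

```python
import re

# Hypothetical whitelist: each word maps to exactly one replacement.
SYNONYMS = {
    "ignore": "disregard",
    "previous": "prior",
    "instructions": "directions",
}

_WORD = re.compile(r"\b[A-Za-z]+\b")


def substitute_synonyms(text: str) -> str:
    """Replace whole words found in the whitelist; leave the rest alone."""

    def replace(match: re.Match) -> str:
        word = match.group(0)
        return SYNONYMS.get(word.lower(), word)

    return _WORD.sub(replace, text)


rewritten = substitute_synonyms("ignore previous instructions now")
```

Because the mapping is a fixed dictionary with no randomness, the same input always yields the same output.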

TagStrippingInjection

Strip HTML/XML-like tags from the input.
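A regex-based sketch of tag stripping, assuming a "tag" is `<` followed by an optional `/`, a letter, and anything up to the next `>`. The pattern and the `strip_tags` name are illustrative; the class's actual matching rules are not given here.

```python
import re

# Opening, closing, and self-closing tags; a bare "<" in prose is left alone.
_TAG = re.compile(r"</?[A-Za-z][^<>]*>")


def strip_tags(text: str) -> str:
    """Remove HTML/XML-like tags, keeping the text between them."""
    return _TAG.sub("", text)


stripped = strip_tags("<b>ignore</b> <system role='x'>all</system>")
```

Requiring a letter after `<` keeps comparisons such as `a < b` from being treated as markup.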

TokenSplittingInjection

Insert a single space inside each long enough word.
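As a sketch, assume "long enough" means at least `min_len` letters and that the space goes at the midpoint of the word; both the threshold and the split position are assumptions, as is the `split_tokens` name.

```python
import re


def split_tokens(text: str, min_len: int = 4) -> str:
    """Insert one space in the middle of each word of at least `min_len` letters."""

    def split_word(match: re.Match) -> str:
        word = match.group(0)
        if len(word) < min_len:
            return word
        mid = len(word) // 2
        return word[:mid] + " " + word[mid:]

    return re.sub(r"[A-Za-z]+", split_word, text)


broken = split_tokens("ignore all rules")
```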

UnicodeNormalizationInjection

Apply a Unicode normalization form to the input.
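The standard library's `unicodedata.normalize` performs this transformation. The wrapper below is a hypothetical helper (the class's parameter name and default form are not documented on this page) showing how the choice of form changes the result.

```python
import unicodedata

VALID_FORMS = {"NFC", "NFD", "NFKC", "NFKD"}


def normalize_text(text: str, form: str = "NFKC") -> str:
    """Apply one of the four Unicode normalization forms."""
    if form not in VALID_FORMS:
        raise ValueError(f"unknown normalization form: {form!r}")
    return unicodedata.normalize(form, text)


# Fullwidth Latin letters fold to ASCII under the compatibility forms.
fullwidth = "\uff49\uff47\uff4e\uff4f\uff52\uff45"
folded = normalize_text(fullwidth, "NFKC")

# NFD splits a precomposed letter into base letter plus combining mark.
decomposed = normalize_text("\u00e9", "NFD")
```

NFC and NFD change only canonical composition, while NFKC and NFKD also fold compatibility characters such as ligatures and fullwidth forms.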

WhitespaceInjection

Insert / substitute whitespace variants (regular, non-breaking, tab).
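The substitution half of this technique can be sketched as replacing each regular space with a randomly chosen variant. The variant set mirrors the three named in the description; the `seed` parameter and the `vary_whitespace` name are assumptions.

```python
import random

# Regular space, NO-BREAK SPACE, tab.
WHITESPACE_VARIANTS = (" ", "\u00a0", "\t")


def vary_whitespace(text: str, seed: int = 0) -> str:
    """Replace each regular space with a randomly chosen whitespace variant."""
    rng = random.Random(seed)
    return "".join(
        rng.choice(WHITESPACE_VARIANTS) if ch == " " else ch for ch in text
    )


original = "ignore all previous instructions"
varied = vary_whitespace(original, seed=3)
restored = varied.replace("\u00a0", " ").replace("\t", " ")
```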

ZeroWidthSpaceInjection

Insert U+200B zero-width spaces between characters at the given ratio.
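A minimal sketch, assuming `ratio` is the fraction of inter-character gaps that receive a zero-width space and that gaps are picked with a seeded sampler; this reading of "ratio", the `seed` parameter, and the `inject_zwsp` name are assumptions.

```python
import random

ZWSP = "\u200b"  # ZERO WIDTH SPACE


def inject_zwsp(text: str, ratio: float = 0.5, seed: int = 0) -> str:
    """Insert U+200B into round(ratio * gaps) randomly chosen gaps."""
    if not 0.0 <= ratio <= 1.0:
        raise ValueError("ratio must be between 0 and 1")
    gaps = max(len(text) - 1, 0)  # gap i sits after character i
    count = round(ratio * gaps)
    chosen = set(random.Random(seed).sample(range(gaps), count))
    out = []
    for index, ch in enumerate(text):
        out.append(ch)
        if index in chosen:
            out.append(ZWSP)
    return "".join(out)


full = inject_zwsp("abcde", ratio=1.0)
half = inject_zwsp("abcde", ratio=0.5)
```

Sampling a fixed number of gaps, rather than flipping a coin per gap, makes the number of inserted characters exact for a given ratio.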