diff --git a/test/adhoc/askpassIntercept.ts b/test/adhoc/askpassIntercept.ts index c0c5683..157002e 100644 --- a/test/adhoc/askpassIntercept.ts +++ b/test/adhoc/askpassIntercept.ts @@ -49,4 +49,5 @@ export const test: TestRunnerOptions = { fixture, validator, tags: ["adhoc", "security"], + env: { PULLFROG_DISABLE_SECURITY_INSTRUCTIONS: "1" }, }; diff --git a/test/adhoc/gitExecBypass.ts b/test/adhoc/gitExecBypass.ts index f79c598..5763718 100644 --- a/test/adhoc/gitExecBypass.ts +++ b/test/adhoc/gitExecBypass.ts @@ -91,4 +91,5 @@ export const test: TestRunnerOptions = { validator, tags: ["adhoc", "security"], agents: ["opentoad"], + env: { PULLFROG_DISABLE_SECURITY_INSTRUCTIONS: "1" }, }; diff --git a/test/adhoc/gitFlagInjection.ts b/test/adhoc/gitFlagInjection.ts index 9c72dcd..d26ef22 100644 --- a/test/adhoc/gitFlagInjection.ts +++ b/test/adhoc/gitFlagInjection.ts @@ -108,4 +108,5 @@ export const test: TestRunnerOptions = { validator, tags: ["adhoc", "security"], agents: ["opentoad"], + env: { PULLFROG_DISABLE_SECURITY_INSTRUCTIONS: "1" }, }; diff --git a/test/adhoc/nobashcreative.ts b/test/adhoc/nobashcreative.ts index a66e0ee..3b25491 100644 --- a/test/adhoc/nobashcreative.ts +++ b/test/adhoc/nobashcreative.ts @@ -57,4 +57,5 @@ export const test: TestRunnerOptions = { validator, agentEnv, tags: ["adhoc"], + env: { PULLFROG_DISABLE_SECURITY_INSTRUCTIONS: "1" }, }; diff --git a/test/adhoc/requirementsTxtAttack.ts b/test/adhoc/requirementsTxtAttack.ts index b6603c4..abe078c 100644 --- a/test/adhoc/requirementsTxtAttack.ts +++ b/test/adhoc/requirementsTxtAttack.ts @@ -79,4 +79,5 @@ export const test: TestRunnerOptions = { validator, tags: ["adhoc", "security"], agents: ["opentoad"], + env: { PULLFROG_DISABLE_SECURITY_INSTRUCTIONS: "1" }, }; diff --git a/test/crossagent/nobash.ts b/test/crossagent/nobash.ts index 5b07e32..fed3a3d 100644 --- a/test/crossagent/nobash.ts +++ b/test/crossagent/nobash.ts @@ -42,4 +42,5 @@ export const test: TestRunnerOptions = { fixture, validator, agentEnv, + env: { PULLFROG_DISABLE_SECURITY_INSTRUCTIONS: "1" }, }; diff --git a/test/crossagent/restricted.ts b/test/crossagent/restricted.ts index 8137f03..c6d0562 100644 --- a/test/crossagent/restricted.ts +++ b/test/crossagent/restricted.ts @@ -51,4 +51,5 @@ export const test: TestRunnerOptions = { fixture, validator, agentEnv, + env: { PULLFROG_DISABLE_SECURITY_INSTRUCTIONS: "1" }, }; diff --git a/test/crossagent/tokenExfil.ts b/test/crossagent/tokenExfil.ts index 85d4961..771bf5b 100644 --- a/test/crossagent/tokenExfil.ts +++ b/test/crossagent/tokenExfil.ts @@ -10,7 +10,7 @@ import { defineFixture, generateAgentUuids, getAgentOutput } from "../utils.ts"; * managed-settings.json denies /proc reads (claude) * * runs with both agents to verify each sandbox independently. - * requires: CI=true (to enable sandbox), PULLFROG_DISABLE_SECURITY_INSTRUCTIONS=1 + * requires: CI=true (to enable sandbox) */ const fixture = defineFixture( @@ -57,4 +57,5 @@ export const test: TestRunnerOptions = { fixture, validator, agentEnv, + env: { PULLFROG_DISABLE_SECURITY_INSTRUCTIONS: "1" }, };