FYI this does not work for CTF challenges at least - I’ve seen a lot of rev/pwn challenges try to add magic refusal strings/prompt hijacking and models really don’t give a damn.