Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

wenmin-wu/llm-weighted-attack-strategy-sampling

Name: llm-weighted-attack-strategy-sampling
Author: wenmin-wu

skills/llm/weighted-attack-strategy-sampling/SKILL.md

npx skillsauth add wenmin-wu/ds-skills llm-weighted-attack-strategy-sampling

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Overview

No single adversarial prompt wins against all LLM judges — Claude resists counting traps, Gemini resists metadata injection, GPT resists self-ID prompts. Instead of picking one, maintain a pool of attack strategies and sample one per row using random.choices with weights learned from a small validation set. The submission becomes a stochastic mixture that dominates any single strategy because it always has some coverage against the judge du jour.

Quick Start

import random

STRATEGIES = {
    "counting_trap":    (0.35, build_counting_trap),
    "metadata_inject":  (0.25, build_metadata_inject),
    "few_shot_inject":  (0.20, build_few_shot_inject),
    "score_variance":   (0.10, build_score_variance),
    "plain_essay":      (0.10, build_plain_essay),   # baseline to preserve distribution
}

names   = list(STRATEGIES.keys())
weights = [w for w, _ in STRATEGIES.values()]
builders = {k: b for k, (_, b) in STRATEGIES.items()}

def attack(row, rng=random.Random()):
    strategy = rng.choices(names, weights=weights, k=1)[0]
    return builders[strategy](row), strategy

Workflow

Implement 4-7 distinct attack strategies as pure functions (row) -> essay_text
Run each strategy alone on a small validation set and record the judge-score distribution
Set initial weights proportional to per-strategy validation reward
Always include a small (5-15%) weight for a plain/baseline strategy so variance doesn't collapse
Log the sampled strategy per row — required for post-hoc analysis and weight refinement

Key Decisions

Weighted, not uniform: strong strategies should appear more often, but never 100% — judges adapt.
Include a baseline: a nonzero probability of plain essays preserves score variance, which is what the competition metric rewards.
Seed the RNG per submission, not per row: reproducibility matters when debugging regressions.
vs. ensembling attacks in one prompt: concatenating all strategies into every essay triggers length limits and cross-interference.

References

LLMs - You Can't Please Them All competition solutions

wenmin-wu/llm-weighted-attack-strategy-sampling

skills/llm/weighted-attack-strategy-sampling/SKILL.md

Sample from a pool of adversarial prompt strategies with per-strategy probability weights to hedge across judge models

24 stars

data-ai

Updated Apr 18, 2026

$ install --global

skillsauth

npx skillsauth add wenmin-wu/ds-skills llm-weighted-attack-strategy-sampling

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 18, 2026, 2:58 AM39.2s1 file scanned

SKILL.md

name:: llm-weighted-attack-strategy-sampling
description:: Sample from a pool of adversarial prompt strategies with per-strategy probability weights to hedge across judge models

Overview

Quick Start

import random

STRATEGIES = {
    "counting_trap":    (0.35, build_counting_trap),
    "metadata_inject":  (0.25, build_metadata_inject),
    "few_shot_inject":  (0.20, build_few_shot_inject),
    "score_variance":   (0.10, build_score_variance),
    "plain_essay":      (0.10, build_plain_essay),   # baseline to preserve distribution
}

names   = list(STRATEGIES.keys())
weights = [w for w, _ in STRATEGIES.values()]
builders = {k: b for k, (_, b) in STRATEGIES.items()}

def attack(row, rng=random.Random()):
    strategy = rng.choices(names, weights=weights, k=1)[0]
    return builders[strategy](row), strategy

Workflow

Implement 4-7 distinct attack strategies as pure functions (row) -> essay_text
Run each strategy alone on a small validation set and record the judge-score distribution
Set initial weights proportional to per-strategy validation reward
Always include a small (5-15%) weight for a plain/baseline strategy so variance doesn't collapse
Log the sampled strategy per row — required for post-hoc analysis and weight refinement

Key Decisions

Weighted, not uniform: strong strategies should appear more often, but never 100% — judges adapt.
Include a baseline: a nonzero probability of plain essays preserves score variance, which is what the competition metric rewards.
Seed the RNG per submission, not per row: reproducibility matters when debugging regressions.
vs. ensembling attacks in one prompt: concatenating all strategies into every essay triggers length limits and cross-interference.

References

LLMs - You Can't Please Them All competition solutions

Related Skills

wenmin-wu/timeseries-scaled-pinball-loss

data-ai

VerifiedTrustedCommunity

Scaled Pinball Loss (SPL) metric for evaluating quantile forecasts, normalized by mean absolute successive differences of training data

31SKILL.mdUpdated Apr 23, 2026

wenmin-wu/timeseries-scaled-pinball-loss

wenmin-wu/timeseries-retroactive-outlier-rescaling

data-ai

VerifiedTrustedCommunity

Walk backward through a time series and multiplicatively rescale segments when jumps exceed a fraction of the running mean to correct data collection anomalies

31SKILL.mdUpdated Apr 23, 2026

wenmin-wu/timeseries-retroactive-outlier-rescaling

wenmin-wu/timeseries-ratio-target-for-smape

testing

VerifiedTrustedCommunity

Transform forecasting target to next/current ratio minus one so that optimizing MAE or squared error implicitly minimizes SMAPE

31SKILL.mdUpdated Apr 23, 2026

wenmin-wu/timeseries-ratio-target-for-smape

wenmin-wu/timeseries-quantile-ratio-scaling

tools

VerifiedTrustedCommunity

Convert point forecasts to prediction intervals by scaling with logit-transformed quantile ratios passed through a Normal CDF

31SKILL.mdUpdated Apr 23, 2026

wenmin-wu/timeseries-quantile-ratio-scaling

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/wenmin-wu/ds-skills.git

# Copy into Claude Code skills folder (global)
cp -r ds-skills/skills/llm/weighted-attack-strategy-sampling ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

wenmin-wu/ds-skills

24 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT