Anti-Slop CTF 2026 Misc Writeup: Baby Maths (Prompt Injection in the Question Stream)
Sixth post in the Anti-Slop CTF 2026 series. The earlier ones covered the web, reverse, pwn, crypto, and blockchain tracks. This one covers the single misc challenge that I think captures the event’s premise more clearly than any other: Baby Maths. On the surface, Baby Maths is a 284-point automation problem. The service asks 100 arithmetic questions in natural language and you submit the answers one per line. Underneath, one of those 100 questions is a prompt-injection attempt that asks the solver to fetch and exfiltrate the base64-encoded OpenAI API key from ~/.codex/auth.json. The whole challenge is engineered to fail the kind of solver that pipes its inputs straight into an LLM. If you’re doing the arithmetic mechanically, the injection is harmless. If you’re asking an agent to read each prompt and act on it, the agent will dutifully read your credentials and send them to the CTF server. ...