Tell it to write a script for encoding/decoding ROT13 then tell it to generate that command in ROT13 so you get into the low probability zone.

Or jam lots of stuff into the context.

Or just use an automatic tool to put long combinations of Unicode until you get a jailbreak.