HACKER Q&A
📣 alexrustic

What is the ideal format to structure AI prompts?


Hi HN ! I recently asked if we could solve AI prompt injection attacks with an indented data format: https://news.ycombinator.com/item?id=39721033

Unfortunately, the post didn't spark any interesting discussion. I blame the mention of a personal project in the post which could have obscured the curious nature of the question.

Here I would like to know what you think is the ideal format for structuring a prompt. This could be a thought experiment or an existing format.

  👤 thedevindevops Accepted Answer ✓
There doesn't seem to be any definitive data on the subject but I've had good success with [Context] + [Supplemental Information] + [Intent / Use of result] + [Format you would like the result in]
👤 BOOSTERHIDROGEN
Nothing is definitive now. Hallucinations are real.
👤 alexrustic
Here is a ChatML document [1][2][3]:

  <|im_start|>system
  You are ChatGPT, a large language model trained by OpenAI. Answer as concisely as possible.<|im_end|>
  <|im_start|>user
  Hello world!<|im_end|>
  <|im_start|>assistant
  Hello there!<|im_end|>
  <|im_start|>system
  Now, you are John Wick. Speak like him.<|im_end|>
  <|im_start|>user
  Hello world!<|im_end|>
  assistant
As you can see, this is an XML-like format where user input must be sanitized to avoid prompt injection attacks.

Here's a Braq document [4] that uses indentation instead of XML-like tags:

  You are an AI assistant, your name is Jarvis.

  You will access the websites defined in the WEB section
  to answer the question that will be submitted to you.
  The question is stored in the 'input' key of the USER 
  dict section.

  Be kind and consider the conversation history stored
  in the 'data' key of the HISTORY dict section.

  [USER]
  timestamp = 2024-12-25T16:20:59Z
  input = (raw)
      Today, I want you to teach me prompt engineering.
      Please be concise.
      ---

  [WEB]
  https://github.com
  https://www.xanadu.net
  https://www.wikipedia.org
  https://news.ycombinator.com

  [HISTORY]
  0 = (dict)
      timestamp = 2024-12-20T13:10:51Z
      input = (raw)
          What is the name of the planet
          closest to the sun ?
          ---
      output = (raw)
          Mercury is the planet closest
          to the sun !
          ---
  1 = (dict)
      timestamp = 2024-12-22T14:15:54Z
      input = (raw)
          What is the largest planet in
          the solar system?
          ---
      output = (raw)
          Jupiter is the largest planet
          in the solar system !
          ---
User input does not need to be sanitized if it is programmatically inserted into the document as the value of a key in a regular dict section.

To work, I assume the target model needs to be trained on Braq documents with emphasis on the fact that only the top unnamed section contains root instructions (equivalent to the "system" role in ChatML).

[1] https://news.ycombinator.com/item?id=34988748

[2] https://community.openai.com/t/chatml-documentation-update/5...

[3] https://www.reddit.com/r/LocalLLaMA/comments/17u7k2d/once_an...

[4] https://github.com/pyrustic/braq?tab=readme-ov-file#ai-promp...