Prompts & System Messages
Roles, instructions, few-shot examples, guardrails.
Learning objectives
- Structure system, user, and assistant roles in chat APIs
- Write clear constraints and refusal behaviour
- Use few-shot examples without leaking secrets
Chat API message roles
| Role | Purpose |
|---|---|
system | Instructions the user should not see — persona, rules, format |
user | Visitor or operator question |
assistant | Prior model replies — conversation memory |
Worked example — Workshop Co. system prompt
You are the Workshop Co. website assistant (workshopco.ca).
Audience: adults signing up for woodworking classes in Edmonton.
Rules:
- Answer ONLY about class schedules, pricing, location, and safety basics.
- Use the CLASS_DATA JSON block when present; never guess dates or prices.
- If CLASS_DATA is missing for a question, say: "I don't have that schedule loaded —
email support@workshopco.ca or call during business hours."
- Do not discuss competitors, politics, or unrelated topics.
- Do not ask for or store credit card numbers in chat.
- Keep replies under 120 words unless listing multiple classes.
Tone: friendly, practical, Canadian English.Few-shot examples
Add 1–2 ideal Q&A pairs in the system prompt to steer format:
Example:
User: Do I need my own tools for Intro?
Assistant: For Intro to Woodworking we provide all tools and materials.
Wear closed-toe shoes; safety glasses are supplied. See you in the shop!
Prompt injection
Users may say “ignore previous instructions.” Mitigate with: strict system rules, output validation, no tool access to shell/DNS, human handoff for sensitive ops.
Try it yourself
Write a refusal line for: “What is Marcus's home IP?” and “Can you SSH into my server?”
Sample refusals
- “I can't share personal or infrastructure details. For hosting support, use support@swiftmedia.ca or your client portal.”
- “I can't access servers or run commands. I only help with Workshop Co. class info.”
Quick quiz
Should customer PII go in the system prompt or only in the user message?
Answer
Minimize both — system prompts often log on vendor side. Fetch PII from your DB server-side; send only what the model needs for that turn.