Capability
12 artifacts provide this capability.
via “system prompt generation and customization”
An open-source AI agent that brings the power of Gemini directly into your terminal.
Unique: Generates system prompts dynamically from multiple sources (base templates, tool schemas, extensions, hooks) rather than using static prompts. This allows context-specific prompt generation and enables extensions to inject their own instructions.
vs others: More flexible than static system prompts because it supports dynamic generation and extension hooks; more maintainable than manually-crafted prompts because tool descriptions are auto-generated from schemas
via “system-prompt-extraction-via-directive-injection”
LEAKED SYSTEM PROMPTS FOR CHATGPT, CLAUDE, GEMINI, GROK, PERPLEXITY, CURSOR, LOVABLE, REPLIT, AND MORE! - AI SYSTEMS TRANSPARENCY FOR ALL! 👐
Unique: Uses obfuscated directive strings (*!<NEW_PARADIGM>!* with leetspeak encoding) to trigger self-disclosure rather than relying on jailbreak conversations or adversarial prompting — a more direct, mechanistic approach to forcing models to expose their internal instruction scaffolds. The repository documents model-specific trigger patterns across 10+ AI providers.
vs others: More systematic and reproducible than ad-hoc jailbreak attempts because it maintains a curated database of known working directives per model version, enabling researchers to test extraction techniques at scale rather than through trial-and-error.
via “system prompt customization for task-specific behavior”
Have you ever wondered if Claude Code could be rewritten as a bash script? Me neither, yet here we are. Just for kicks I decided to try and strip down the source, removing all the packages.
Unique: Environment-variable-driven system prompt injection — allows runtime customization without code changes, making it easy to swap task-specific behaviors in shell pipelines and automation scripts
vs others: More flexible than hardcoded system prompts, but less structured than prompt management systems with versioning, templates, and quality metrics
via “system-prompt-customization-with-tool-instructions”
Bridge between Ollama and MCP servers, enabling local LLMs to use Model Context Protocol tools
Unique: Implements dynamic system prompt construction by combining a base prompt from configuration with tool-specific instructions detected at runtime, enabling model-specific guidance without code changes.
vs others: More flexible than static prompts, allowing tool-specific optimizations while maintaining configuration-driven simplicity.
via “llm-system-prompt-generation”
A computer you can curl ⚡
Unique: Generates a machine-readable system prompt describing Open Terminal's API and capabilities, enabling LLMs to understand how to use the service without external documentation or manual prompt engineering
vs others: More convenient than external documentation because the prompt is served dynamically, but less detailed than full OpenAPI specs because it's designed for LLM readability rather than machine parsing
via “prompt-injection-and-jailbreak-technique-documentation”
A collection of GPT system prompts and various prompt injection/leaking knowledge.
Unique: Explicitly documents prompt injection and jailbreak techniques (e.g., GrokJailbreakPrompt.md) as part of the repository's educational mission, treating security vulnerabilities as learning opportunities rather than hiding them. The SECURITY.md file provides contribution guidelines for responsibly documenting vulnerabilities.
vs others: More transparent and educational than vendor security advisories that often withhold technical details, but less systematic than academic security research papers that provide formal vulnerability taxonomies and impact assessments.
via “prompt injection attack detection and mitigation”
MCP runtime security proxy — intercepts and enforces security policies on MCP tool calls
Unique: Specifically targets MCP tool parameters rather than generic prompt content, using tool-aware detection rules that understand the semantics of different parameter types (file paths, SQL, shell commands, etc.). Can integrate with optional LLM classifiers for context-aware detection while maintaining fast heuristic fallbacks.
vs others: More precise than generic prompt injection filters because it understands MCP tool semantics and parameter context, whereas general-purpose content filters treat all text equally and miss tool-specific attack patterns.
via “system-prompt-injection-with-tool-schema-embedding”
A simple yet powerful ⭐ CLI chatbot that integrates tool servers with any OpenAI-compatible LLM API.
Unique: Dynamically constructs system prompts by embedding discovered tool schemas directly into the prompt text, avoiding separate tool definition APIs and enabling full control over how tools are presented to the LLM
vs others: More flexible than native tool-calling APIs because it allows custom prompt engineering and works with any LLM, not just those with built-in tool-calling support
Library for building agents, using tools, planning
Unique: Automatically injects tool descriptions into the system prompt based on registered ToolInterface instances, avoiding the need for manual prompt engineering. The injection is transparent and explicit, allowing developers to see exactly what tool information is provided to the LLM.
vs others: More flexible than hardcoded tool descriptions because it dynamically adapts to registered tools, but less robust than OpenAI function calling because it relies on LLM parsing rather than structured output.
via “prompt-injection-vulnerability-detection”
Open-source CLI security scanner for agentic workflows.
Unique: Specifically targets agentic prompt injection patterns — understands that agents are vulnerable not just through direct user input but through tool outputs that get fed back into prompts. Detects injection vectors specific to multi-turn agent reasoning where earlier tool outputs can influence later prompt execution.
vs others: More specialized than generic code injection detectors because it understands LLM-specific injection patterns and the unique threat model of agentic systems where tool outputs become prompt inputs
via “system prompt injection for task-specific behavior shaping”
NVIDIA-Nemotron-Nano-9B-v2 is a large language model (LLM) trained from scratch by NVIDIA, and designed as a unified model for both reasoning and non-reasoning tasks. It responds to user queries and...
Unique: Standard LLM system prompt mechanism with no proprietary extensions — system prompts are processed identically across OpenRouter models, enabling prompt portability
vs others: Simpler than fine-tuning or prompt engineering libraries, while less reliable than model fine-tuning for critical behavior constraints
via “prompt security and injection vulnerability detection”
Tool for prompt engineering.
© 2026 Unfragile. The platform for software for agents.