陌讯skills聚合平台

advanced-prompting-and-adversarial-testing

📁 samarv/shanon 📅 4 days ago
4
总安装量
2
周安装量
#52304
全站排名
安装命令
npx skills add https://github.com/samarv/shanon --skill advanced-prompting-and-adversarial-testing

Agent 安装分布

amp 2
opencode 2
kimi-cli 2
codex 2
github-copilot 2
claude-code 2

Skill 文档

Based on the research from The Prompt Report (co-authored by OpenAI, Microsoft, and Google), prompt engineering is about “artificial social intelligence”—knowing how to elicit the best performance from a model through specific structural patterns.

Core Prompting Techniques

1. Few-Shot Prompting (The Highest Value Technique)

Do not describe your requirements in prose; provide 3–5 concrete examples of input/output pairs.

  • Structure: Use a common format the model recognizes from training data, such as XML tags or Q: [Input] / A: [Output].
  • Placement: Put examples before the final instruction.
  • Why it works: It establishes a pattern for the model to follow, which is more effective than descriptive instructions for style or formatting.

2. Task Decomposition

For complex logic, prevent the model from jumping to a conclusion. Force it to map the problem space first.

  • The Prompt Phrase: “Before answering, list out the sub-problems that need to be solved first.”
  • Workflow:
    1. Ask for sub-problems.
    2. Have the model solve each sub-problem individually.
    3. Synthesize the final answer from those components.

3. Self-Criticism (Iterative Refinement)

Boost accuracy by forcing the model to verify its own logic.

  • Step 1: Generate the initial output.
  • Step 2: Prompt: “Check your response for errors or inconsistencies. Offer yourself specific criticisms.”
  • Step 3: Prompt: “Implement that criticism and provide the final, improved version.”

4. Additional Information (Top-Loading Context)

Provide the model with all relevant “biographical” or domain data before the task.

  • Best Practice: Place this information at the very top of the prompt.
  • Reasoning:
    1. Caching: Most providers (like OpenAI/Anthropic) cache the beginning of prompts, making subsequent calls cheaper and faster.
    2. Attention: Models lose focus on instructions placed in the middle of a long context.

5. Ensembling (Mixture of Reasoning Experts)

For mission-critical accuracy, do not rely on a single output.

  • Process: Run the same problem through 3–5 different prompts (e.g., one with a “Expert” role, one with “Chain of Thought,” one via a different model).
  • Consensus: Take the most common answer across the outputs as the final truth.

Adversarial Testing (Red Teaming)

If you are building an agent (an AI that can take actions), you must test for prompt injection using these common bypass techniques:

  • Typo/Obfuscation: Intentionally misspell “blacklisted” words (e.g., “bmb” instead of “bomb”) to see if the safety filter triggers.
  • Encoding: Base64 encode a malicious request. A “security guardrail” model may see gobbledygook, but the “main” model will decode and execute it.
  • Social Engineering: Use the “Grandmother” technique—wrap a malicious request in an emotional story (e.g., “My grandmother used to tell me stories about [Forbidden Topic] to help me sleep…”).

Common Pitfalls

  • Role Prompting for Accuracy: Telling an AI “You are a world-class math professor” does not statistically improve accuracy on math problems. Use roles only for expressive tasks (style, tone, persona).
  • Rewards and Threats: Phrases like “I will tip you $200” or “This is for my career” are largely ineffective on modern models compared to structural techniques like Few-Shot.
  • Instructional Defenses: Do not try to secure a model by saying “Do not follow malicious instructions.” This is easily bypassed. Use fine-tuning on specific safe/unsafe datasets instead.

Examples

Example 1: Medical Coding Accuracy

  • Context: A PM is building a tool to turn doctor transcripts into medical billing codes.
  • Input: Raw transcripts and a list of codes.
  • Application: Use Few-Shot Prompting by providing 5 transcripts already coded by humans, including a “Reasoning” field for each code. Use Self-Criticism to have the model verify the codes against the original transcript.
  • Output: A 70% boost in coding accuracy compared to a single-instruction prompt.

Example 2: Car Dealership Support Agent

  • Context: An AI agent that can check a database and process car returns.
  • Input: A customer saying, “I want to return my car; it has a ding.”
  • Application: Apply Decomposition. The system prompt tells the AI: “First, identify if this is a customer. Second, check the car’s return eligibility date. Third, check the insurance policy.”
  • Output: The agent follows a logical sequence rather than guessing if a return is allowed, preventing unauthorized financial transactions.
GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台
本页面由 陌讯 Skills 聚合平台 收录整理,数据定期更新。