System Prompt
The system prompt is the standing instruction layer an LLM receives before user input — defining its role, rules, tools, and tone for the whole conversation.
A system prompt is the instruction layer a language model receives before any user input — the standing definition of its role, rules, capabilities, and tone that governs every turn of the conversation.
Chat-trained models distinguish message roles: system instructions outrank user messages when they conflict, which is what makes the system prompt the right home for invariants — "you are a code reviewer," "never fabricate citations," "output JSON matching this schema." Every serious LLM product is substantially made of its system prompt; the same base model becomes a different product under different standing instructions.
Two crafts follow. Writing them well is a discipline of economy — clear role, few load-bearing rules, no generic filler — the same discipline as a subagent's prompt body, and in agentic tools the system layer extends into files like CLAUDE.md. Defending them matters because the role hierarchy is soft: prompt injection is precisely the attempt to make untrusted text outrank the system layer, which is why real guarantees live in architecture, not wording.
Frequently asked questions
- How is a system prompt different from a user prompt?
- Role and persistence. The system prompt is set by the developer, applies to the entire conversation, and carries the durable rules: who the model is, what it may do, how it should answer. User prompts are the per-turn requests evaluated under those rules. Models are trained to weight system instructions above conflicting user input — that hierarchy is also what injection attacks try to break.
- What belongs in a system prompt?
- What must hold on every turn and can't be inferred: the role, hard constraints and refusals, output format, tool-use policy, and the domain context that shapes everything. What doesn't: task-specific details (per-turn), knowledge the model already has, and walls of edge-case advice that dilute the rules that matter.
Related
- Prompt Patterns for Coding AgentsPractical prompting patterns: chaining, few-shot, context management, tool use, and output structuring.
- Few-Shot vs Chain-of-Thought vs Structured Prompting: What to Use When (2026)When to reach for few-shot examples, chain-of-thought reasoning, or structured/output-constrained prompting — a 2026 decision guide to the core techniques.
- Writing Your First Custom AgentA step-by-step guide to authoring a focused, effective custom subagent.
- CLAUDE.md Best PracticesHow to write a CLAUDE.md that actually helps — what to include, what to leave out, and how to keep it current.
- Prompt InjectionPrompt injection is an attack where untrusted content carries instructions an LLM then follows — overriding its task, leaking data, or triggering tool calls.
- Prompt CachingPrompt caching reuses the computed state of a repeated prompt prefix across requests — dramatically cutting cost and time-to-first-token for stable context.
- Prompt TemplateA prompt template is a parameterized prompt — fixed instructions with variable slots — turning prompts from strings into versioned, testable components.
- Zero-Shot PromptingZero-shot prompting asks a model to perform a task from instructions alone, with no examples — the default mode for capable modern LLMs.