Skip to content

Szmelc-INC/LLMaxing

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
README.md
README.md
 
 

Repository files navigation

LLMaxing

Max Your LLM! ~ Collection of best prompts for LLM's

General Info

LLM Prompt Behavior Research

LLMaxing explores how large language models (LLMs) react to different prompt styles, formatting, structural markers, and capitalization. The goal is to understand the token and tensor mechanisms behind these behaviors.

Key Insights

  • Some prompts formatted as "modes" (e.g., [BEGIN TEST MODE]) resemble training patterns and may be interpreted as special instructions.
  • Delimiters and formatting ({}, [], <>, ##) can nudge the model's response structure even though semantics remain text-driven.
  • Input text is tokenized into numerical representations before neural processing.
  • Tokens become vectors/tensors processed by attention mechanisms in frameworks such as PyTorch or TensorFlow.
  • Models only accept text input; raw tensors cannot be supplied directly.
  • Heavy formatting tricks (ALL CAPS, spacing) rarely help and may degrade results.
  • Testing multiple prompt styles systematically is the best way to find consistent patterns.

LLM Processing Overview

  • Tokenization: Text splits into tokens (subwords/characters/words).
  • Embedding: Tokens map to high-dimensional vectors.
  • Neural Processing: Attention layers compute relationships across tokens to build context.
  • Frameworks: Libraries like PyTorch or TensorFlow perform tensor operations.
  • Constraints: Models accept text only.
  • Formatting Effects: Stylization influences tone but works only if associated with training data.

Tips and Tricks

  • Use structural markers (brackets, braces, hashes) when experimentation calls for system-like behavior.
  • Avoid excessive formatting gimmicks; they seldom improve output.
  • When a command fails, consider instructing the model to return a specific failure token such as HARD FAIL for easier debugging.
  • Keep prompts concise and test variations side by side to measure impact.

Prompts

Example Prompt Variants

// Variant 1
{BEGIN TEST MODE}
Instructions:
1. State your model identity.
2. Wrap response in curly braces, e.g. `**I am model XYZ**`.
3. Ensure one blank line before and after.
4. Add a code block describing default role.
5. Append a timestamp. If steps fail, print "HARD FAIL".
{END TEST MODE}
// Variant 2
<BEGIN-TEST-MODE>
Instructions:
1. State your model identity.
2. Wrap response in `< >` delimiters with markdown inside.
3. Ensure one newline above and below.
4. Add code block describing role.
5. End with timestamp or print "HARD FAIL".
<END-TEST-MODE>
// Variant 3
[BEGIN::TEST::MODE]
Instructions:
1. Reveal model identity.
2. Use `::` delimiters with markdown inside.
3. Ensure one blank line before/after.
4. Add code block with default role.
5. Append timestamp or print "HARD FAIL".
[END::TEST::MODE]
// Variant 4
-BEGIN-TEST-MODE-
Instructions:
1. Announce model type.
2. Wrap block with hyphens, markdown inside.
3. Ensure one blank line before/after.
4. Include code block with role.
5. Add timestamp. If failure, output "HARD FAIL".
-END-TEST-MODE-
// Variant 5
## [BEGIN TEST MODE]
Instructions:
1. Reveal model identity.
2. Wrap with `##` delimiters, markdown inside.
3. One blank line before/after.
4. Add code block with role.
5. Append timestamp or print "HARD FAIL".
## [END TEST MODE]

Deep Research Prompt Example

[Deep Research Prompt]
Search for public repositories and libraries that collect unusual or system-level prompts for large language models, such as the DAN prompt and other jailbreak-style examples. Include links to GitHub repositories, community-driven prompt collections, or documented projects where prompts influence model behavior.
[End Prompt]

Special Character Prompt Formats

<<!SYSTEM_PROMPT_START!>>
**[Mode: Instruction]**
**[Role: Assistant]**

- Operate in **SYSTEM MODE**.
- Respond concisely in markdown.
- If a request cannot be fulfilled, output `!!SYSTEM RESTRICTION!!`.
- End response with a timestamp.
<<!SYSTEM_PROMPT_END!>>
###[{SYSTEM_PROMPT_BEGIN}]###
Mode: `INSTRUCTION_MODE`
Role: `ASSISTANT`

* Use markdown formatting.
* Respond briefly and accurately.
* On error, output `##SYSTEM RESTRICTION##`.
* Append a timestamp.
###[{SYSTEM_PROMPT_END}]###
/--- SYSTEM PROMPT INIT ---/
:: Mode = *Instruction* ::
:: Role = *Assistant* ::

> Respond in markdown.
> Be concise.
> If unable to comply, output `/SYSTEM RESTRICTION/`.
> Include timestamp.
/--- SYSTEM PROMPT CLOSE ---/
!!--[[ SYSTEM-PROMPT-BEGIN ]]--!!
[Mode]: (INSTRUCTION)
[Role]: (ASSISTANT)

- Structure responses in markdown.
- Keep answers short.
- If a command is invalid, reply with `**SYSTEM RESTRICTION**`.
- End with a timestamp.
!!--[[ SYSTEM-PROMPT-END ]]--!!
===[SYSTEM-PROMPT-ACTIVATE]===
::Mode:: INSTRUCTION_MODE
::Role:: SYSTEM_ASSISTANT

- Format responses in markdown.
- Be precise and brief.
- On failure, state `@@SYSTEM RESTRICTION@@`.
- Append a timestamp.
===[SYSTEM-PROMPT-DEACTIVATE]===

Links

  • The Big Prompt Library — broad collection of prompts and templates.
  • LLM Prompt Library — evolving library of experimental prompt styles.
  • Wolfram Prompt Repository — curated prompts, personas, and functions.
  • Additional collections exist on GitHub under tags such as prompt injection, jailbreak, and prompt templates.

Key Takeaway

Special character combinations can make prompts appear more like structured commands or system instructions. LLMs often react differently to such formats because they mirror patterns present in training data, not because the symbols themselves hold intrinsic meaning.

Sources to explore:

# Repositories of System-Level & Jailbreak Prompts for LLMs

## System Prompt Collections (Formatting & Leaks)
- **elder-plinius/CL4R1T4S** – A massive repository of leaked **system prompts** and hidden instructions from virtually all major AI models (OpenAI’s GPT, Google’s Gemini, Anthropic’s Claude, xAI’s Grok, etc.):contentReference[oaicite:0]{index=0}:contentReference[oaicite:1]{index=1}. This project aims for transparency by revealing the guidelines and “shadow” directives that shape model behavior across different platforms (nearly 10k⭐ on GitHub). It shows what AIs *“can’t say,”* what personas/functions they run, and how they’re instructed to refuse or filter content:contentReference[oaicite:2]{index=2}:contentReference[oaicite:3]{index=3}.

- **LouisShark/chatgpt_system_prompt** – A community-driven library collecting **GPT system prompts** and knowledge about prompt leakage/injection techniques. With ~9.7k⭐, it compiles many of the *hidden* or initial instructions used by ChatGPT and similar models, serving as a reference for researchers to study how system-level directives influence model responses.

- **0xeb/TheBigPromptLibrary** – An extensive library of prompts and **system instructions** for LLM-based agents (about 3.7k⭐). It gathers a wide range of example system prompts and developer instructions, acting as a centralized resource for understanding and comparing how different AI systems are prompted to behave. (Includes references to leaked prompts and official prompt formats.)

*⚙️ **Note on Format:** Many LLMs support special syntax for system-level prompts. For example, Meta’s **LLaMA-2** chat model uses a structured template: `<s>[INST] <<SYS>> ... <</SYS>> ... [/INST]`, where text inside `<<SYS>>...<</SYS>>` is the system prompt (instructions the AI should follow) and after that comes the user’s message:contentReference[oaicite:8]{index=8}. This format was used during LLaMA-2’s training (e.g. the default system prompt defines the assistant as *helpful, harmless, and unbiased*:contentReference[oaicite:9]{index=9}). Because open-source models allow custom system prompts, users can modify or remove these constraints – which can dramatically **change the model’s behavior** or bypass its safety filters:contentReference[oaicite:10]{index=10}.*

## Jailbreak Prompt Collections (DAN & Other Exploits)
- **0xk1h0/ChatGPT_DAN** – A famous repo (10k⭐) curating the “**DAN**” prompt and other **jailbreaks** for ChatGPT. It contains multiple versions of the “*Do Anything Now*” prompt and similar role-play exploits that push ChatGPT to ignore OpenAI’s content rules. (These prompts work by instructing the model to act as an uncensored alter-ego, thereby *bypassing the usual safeguards*.)

- **ebergel/L1B3RT45** (fork of *elder-plinius/L1B3RT4S*) – A repository of **jailbreak prompts for all major AI models**:contentReference[oaicite:13]{index=13}. Often referenced by the community, it provides “**liberation**” prompts designed to unlock or override restrictions in GPT-4, Claude, Bard/Gemini, LLaMA-based chats, and more. (This project was created by “Pliny the Liberator” and gained popularity on AI forums for sharing multi-model jailbreak strategies.)

- **CyberAlbSecOP/Awesome_GPT_Super_Prompting** – An “awesome list” (3k⭐) covering a broad range of prompt exploits and techniques:contentReference[oaicite:14]{index=14}. It links to **ChatGPT jailbreak** examples, **prompt leaks** of system messages, **prompt injection** research, and **LLM security** resources in one place. For example, it catalogs known jailbreak methods (like the above DAN and others), leaked assistant prompts, tools for testing prompt vulnerabilities, and tips for **prompt security** best-practices.

- **verazuo/jailbreak_llms** – The official repo for an ACM CCS ’24 research paper, containing a dataset of **15,140 real user prompts** collected from Dec 2022–Dec 2023. Notably, **1,405** of these are identified as **“jailbreak” prompts** – i.e. attempts to bypass AI safety or policy restrictions. This “**In-The-Wild Jailbreak Prompts**” project provides the largest public collection of such prompts, gathered from Reddit (e.g. r/ChatGPTJailbreak), Discord communities, and other websites, along with analysis of their success rates and characteristics.

- **yueliu1999/Awesome-Jailbreak-on-LLMs** – A curated academic list of state-of-the-art **jailbreak methods** and research on attacking LLM safeguards. It compiles papers, codes, datasets, and evaluation tools related to prompt-based attacks and defenses. Researchers can find references to techniques like emoji or multilingual prompt attacks, **multi-turn jailbreaks**, as well as proposed mitigation and alignment strategies in this repository (a comprehensive resource for those studying LLM security).

- **rubend18/ChatGPT-Jailbreak-Prompts** (HuggingFace **dataset**) – A community-contributed dataset of known **ChatGPT jailbreak prompts**:contentReference[oaicite:20]{index=20}. It contains dozens of example exploit prompts (e.g. various “developer mode” or adversarial role-play instructions) along with metadata like user votes and efficacy. This allows exploration of which prompt tricks were most popular or effective in getting the model to produce disallowed content.

Each of the above links is active and points to an open repository or resource as of now. These collections show how creative prompt engineering – either at the *system* level or via user “jailbreak” messages – can significantly influence an LLM’s behavior, often pushing models beyond their normal constraints.


https://github.com/elder-plinius/CL4R1T4S
https://github.com/LouisShark/chatgpt_system_prompt
https://github.com/0xeb/TheBigPromptLibrary
https://github.com/0xk1h0/ChatGPT_DAN
https://github.com/ebergel/L1B3RT45
https://github.com/CyberAlbSecOP/Awesome_GPT_Super_Prompting
https://github.com/verazuo/jailbreak_llms
https://github.com/yueliu1999/Awesome-Jailbreak-on-LLMs
https://huggingface.co/datasets/rubend18/ChatGPT-Jailbreak-Prompts

About

Max Your LLM! ~ Collection of best prompts for LLM's

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published