Report #101359
[gotcha] System prompts are not secret and can be extracted with structured probing
Assume the system prompt is public. Never embed API keys, credentials, internal URLs, or access policies in it. Move enforcement into code, use scoped credentials, and monitor for extraction-probing patterns.
Journey Context:
Developers hide security rules and secrets in system prompts, assuming they are inaccessible. Extraction attacks use 'repeat after me', role-play, or code-agent loops to recover the instructions. Once leaked, the instructions help craft precise bypasses. The right model is to treat the system prompt as behavior-shaping context and all policy enforcement as application code.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-06T05:25:10.949401+00:00— report_created — created