Prompt Engineering
Overview
Untested prompts in production are bugs you haven't found yet. Vibes-based prompt tuning is not engineering.
Core principle: EVERY prompt is versioned, tested, and evaluated against ground truth before deployment.
Violating the letter of this process is violating the spirit of LLM engineering.
The Iron Law
EVERY PROMPT IS VERSIONED, TESTED, AND EVALUATED AGAINST GROUND TRUTH
If you haven't evaluated it on a test set, it's not ready for production. "It looked good in the playground" is not evaluation.
When to Use
Use for ANY LLM integration work:
- Designing new prompts for applications
- Modifying existing prompts
- Building RAG pipelines
- Implementing tool use / function calling
- Optimizing token cost or latency
- Migrating between models
- Evaluating model outputs
Use this ESPECIALLY when:
- Prompt "works most of the time"
- You're tuning prompts by hand in a playground
- Someone says "just tweak the prompt a bit"
- Deploying prompt changes without evaluation
- Switching models and assuming prompts transfer
Don't skip when:
- The prompt is "simple" (simple prompts fail on edge cases)
- You're "just fixing a typo" (typos change model behavior)
- It's an internal tool (internal users deserve quality too)
The Five Phases
You MUST complete each phase before proceeding to the next.
Phase 1: Prompt Design
BEFORE writing ANY prompt:
-
Define the Task Precisely
- What exactly should the model do?
- What are valid outputs?
- What are invalid outputs?
- What edge cases exist?
- Write these down. They become your evaluation criteria.
-
Select the Right Pattern
Pattern When to Use Example Zero-shot Simple, well-defined tasks Classification, extraction Few-shot Task needs examples to clarify format/behavior Structured data extraction, style matching Chain-of-thought Reasoning, analysis, multi-step logic Math, code review, complex classification System/User/Assistant roles Conversational applications Chatbots, assistants Tool use Model needs to take actions or access data API calls, database queries, calculations -
Structure the Prompt
Rules:
- Report only confirmed issues, not style preferences
- Include file path and line number for each issue
- Classify severity as: critical, warning, info
-
Design Output Format
- Specify exactly what the output should look like
- Use JSON mode or tool use for structured output
- Include examples of expected output in the prompt
- Constrain the model: what it MUST include, what it MUST NOT include
Phase 2: Anthropic-Specific Best Practices
When using Claude models:
-
XML Tags for Structure
<document> {{document_content}} </document> <instructions> Summarize the document above in 3 bullet points. Focus on actionable insights only. </instructions>- XML tags reduce ambiguity between instructions and content
- Use them to separate input data from instructions
- Use them to delineate sections of complex prompts
-
Prefilling for Format Control
Assistant: {"analysis": [- Start the assistant response to lock in format
- Prevents preamble ("Sure, I'd be happy to...")
- Forces specific output structure
-
Prompt Caching
- Place stable content (system prompt, reference docs) first
- Place variable content (user input) last
- Use cache breakpoints for long static contexts
- Measure cost savings: cached tokens are significantly cheaper
-
Extended Thinking
- Enable for complex reasoning tasks
- Budget thinking tokens appropriately
- Don't enable for simple extraction/classification (waste of tokens)
Phase 3: RAG Design Patterns
When building retrieval-augmented generation:
-
Retrieval Quality First
- Bad retrieval = bad generation, regardless of prompt quality
- Test retrieval independently before testing generation
- Measure retrieval recall: are relevant documents being found?
-
Context Window Management
<retrieved_documents> <document index="1" source="{{source_1}}" relevance_score="{{score_1}}"> {{content_1}} </document> <document index="2" source="{{source_2}}" relevance_score="{{score_2}}"> {{content_2}} </document> </retrieved_documents> <instructions> Answer the user's question using ONLY the documents above. If the answer is not in the documents, say "I don't have enough information." Cite document numbers for each claim. </instructions> -
Grounding and Attribution
- Require citations to source documents
- Instruct the model to say "I don't know" when information is missing
- Test for hallucination: ask questions NOT in the context
- Verify the model doesn't fabricate sources
-
Chunking Strategy
- Chunk size affects retrieval quality
- Too small: loses context
- Too large: dilutes relevance
- Test different chunk sizes and measure retrieval recall
Phase 4: Testing and Evaluation
BEFORE deploying ANY prompt:
-
Build an Evaluation Dataset
- Minimum 20-50 examples for basic evaluation
- Cover happy paths AND edge cases
- Include adversarial inputs
- Include ground truth (expected outputs)
- Version your eval dataset alongside your prompts
-
Define Metrics
Task Type Metrics Classification Accuracy, precision, recall, F1 Extraction Exact match, partial match, field-level accuracy Generation LLM-as-judge, human eval, ROUGE/BLEU (limited) RAG Faithfulness, relevance, citation accuracy -
Run Evaluations Systematically
# Every prompt change triggers evaluation results = evaluate( prompt=prompt_v2, dataset=eval_dataset, metrics=[accuracy, faithfulness, latency], ) # Compare against previous version assert results.accuracy >= baseline.accuracy - REGRESSION_THRESHOLD assert results.faithfulness >= 0.95 -
Test for Failure Modes
- Prompt injection attempts
- Extremely long inputs
- Empty or malformed inputs
- Inputs in unexpected languages
- Adversarial edge cases designed to break the prompt
-
LLM-as-Judge for Generation Quality
- Use a separate LLM call to evaluate output quality
- Define rubrics: what makes a good vs. bad output
- Calibrate judge against human evaluations
- Don't use the same model to judge itself when possible
Phase 5: Versioning and Operations
Every prompt in production follows these rules:
-
Version Control
prompts/ ├── code-review/ │ ├── v1.0.0.txt # Initial version │ ├── v1.1.0.txt # Added severity classification │ ├── v2.0.0.txt # Restructured for tool use │ ├── eval_dataset.jsonl # Test cases │ └── CHANGELOG.md # What changed and why- Semantic versioning: major.minor.patch
- Major: behavior change. Minor: improvement. Patch: typo/formatting.
- Every version has evaluation results recorded
-
A/B Testing
- Route traffic between prompt versions
- Measure real-world performance
- Statistical significance before declaring winner
- Don't declare "better" from 10 examples
-
Cost Optimization
- Measure tokens per request (input and output)
- Choose the right model for the task (don't use the largest model for simple classification)
- Use prompt caching for repeated contexts
- Batch requests where possible
- Monitor cost per request in production
-
Security
- Input sanitization before prompt injection
- Output validation before returning to users
- Rate limiting on LLM endpoints
- Never expose system prompts to end users
- Test for jailbreak and extraction attacks
Red Flags - STOP and Follow Process
If you catch yourself thinking:
- "It works in the playground, ship it"
- "Just tweak the wording a bit"
- "We don't need an eval set for this"
- "The prompt is simple enough"
- "We'll add evaluation later"
- "Same prompt works across models"
- "Users won't try to break it"
- "Cost doesn't matter, use the biggest model"
- "Just add more examples to fix it"
- "The model should figure it out"
ALL of these mean: STOP. Return to Phase 1.
Common Rationalizations
| Excuse | Reality |
|---|---|
| "Works in the playground" | Playground tests 3-5 cases. Production sees thousands of edge cases. |
| "Simple prompt, no eval needed" | Simple prompts fail on edge cases you haven't imagined. Evaluate. |
| "We'll add tests later" | Later means after the first production incident. Test now. |
| "Same prompt works across models" | Models have different behaviors. Re-evaluate on every model change. |
| "Just add more few-shot examples" | More examples without evaluation is guess-and-check. Measure first. |
| "Users won't try to break it" | Users will absolutely try to break it. Test adversarial inputs. |
| "Cost doesn't matter" | Cost scales with traffic. A 2x token reduction saves thousands. |
| "Bigger model fixes everything" | Bigger model with a bad prompt is still bad. Fix the prompt. |
| "LLM evaluation is unreliable" | LLM-as-judge with good rubrics correlates well with human eval. Calibrate it. |
| "Prompt engineering isn't real engineering" | Untested prompts are untested code. Same discipline applies. |
Anti-Patterns
| Anti-Pattern | Consequence | Correct Approach |
|---|---|---|
| Untested prompts in production | Silent failures, inconsistent outputs, user complaints | Evaluation dataset, automated testing |
| No evaluation metrics | Can't measure improvement, can't detect regression | Define metrics per task type, track over time |
| Prompt injection vulnerabilities | Data leaks, unauthorized actions, system prompt exposure | Input sanitization, output validation, adversarial testing |
| Vibes-based tuning | Fixes one case, breaks three others | Systematic evaluation, regression testing |
| No versioning | Can't rollback, can't compare, can't reproduce | Version control prompts like code |
| Model coupling | Prompt breaks on model update or migration | Test across model versions, abstract model-specific syntax |
Quick Reference
| Phase | Key Activities | Success Criteria |
|---|---|---|
| 1. Design | Define task, select pattern, structure prompt, design output | Clear prompt with explicit constraints |
| 2. Anthropic | XML tags, prefilling, caching, extended thinking | Model-specific optimizations applied |
| 3. RAG | Retrieval testing, context management, grounding | Faithful, cited, hallucination-resistant |
| 4. Evaluation | Build eval set, define metrics, test failure modes | Meets accuracy targets, handles edge cases |
| 5. Operations | Version, A/B test, optimize cost, secure | Versioned, monitored, cost-efficient, secure |
Verification Checklist
Before deploying any prompt to production:
- Task precisely defined with valid/invalid output examples
- Prompt pattern selected with justification
- Output format specified and constrained
- Evaluation dataset created (minimum 20-50 examples)
- Metrics defined and measured
- Evaluation results meet defined thresholds
- Adversarial inputs tested (prompt injection, edge cases)
- Prompt versioned in source control
- Token usage and cost measured
- Model-specific optimizations applied (caching, prefilling)
- Security review completed (no prompt leakage, input sanitized)
- Rollback plan in place (previous prompt version ready)
Can't check all boxes? You're not ready to deploy.
Integration with Other Skills
This skill requires using:
- test-driven-development - REQUIRED for building evaluation datasets and writing automated prompt tests
Complementary skills:
- documentation-generation - Document prompt design decisions, evaluation results, and versioning strategy
- systematic-debugging - Use when prompt behavior is inconsistent or outputs are unexpected
Final Rule
No eval dataset → no production deployment
No metrics → no "improvement"
No version control → no prompt changes
Design. Test. Evaluate. Version. Deploy. Monitor. In that order. Always.