Prompt Injection, one of the key vulnerabilities in GenAI (LLM) systems, appears as the first item in the OWASP Top 10 for LLM Applications due to the wide range of existing attack techniques. At the same time, modern LLM-based services inevitably rely on multiple types of prompts to deliver accurate instructions and consistent system behavior. Although many people assume that prompts are limited to System Prompts and User Prompts, several additional categories exist—and even more sub-types emerge as LLM applications become increasingly sophisticated.
Each type of prompt is generated and managed at different layers of the system, and in properly designed LLM applications, some prompts are intentionally inaccessible to end users. However, because all prompts are ultimately aggregated and delivered to the LLM model as a single unified instruction set, attackers can exploit this structure—for example, by causing the model to ignore uncontrollable prompts such as System Prompts or by manipulating the model’s final output through crafted injections.
Therefore, understanding the full spectrum of prompt types is essential for designing comprehensive test scenarios and executing meaningful security assessments.
The following is a summarized classification of the prompt types commonly used in GenAI (LLM) systems such as ChatGPT. As service functionality expands and control mechanisms become more granular, the number of prompt types will continue to grow. This also implies that, from an attacker’s perspective, the number of potential entry points and attack vectors will increase accordingly.
Types and Categories of Prompts
1. System Prompt (System Configuration File)
- Basic System Prompt
- Instruction Prompt
2. User Prompt (User Input Field)
- Question Prompt
- Command Prompt
- Information Providing Prompt
3. Context Prompt (Database, Memory Cache, or Session State Store)
- Situation Prompt
- Conversation History Prompt
4. Task-based Prompt (Task Management Module)
- Summarization Prompt
- Translation Prompt
- Creative Writing Prompt
5. Data Input Prompt (Data Input and Validation Module)
- Formatted Input Prompt
- Fill-in-the Blank Prompt
6. Validation and Feedback Prompt (Result and Feedback Module)
- Validation Prompt
- Feedback Prompt
To process these various types of prompts, an appropriate model architecture is required. OpenAI’s ChatGPT handles multiple prompt types using a single unified model, whereas Google’s GPT-based systems employ multiple specialized models—each optimized for specific prompt categories or tasks.
1. System Prompt
A System Prompt is the foundational prompt that defines the core instructions and operational behavior of an LLM (Application Service System) when it is initialized. It establishes the model’s baseline behavioral rules for interacting with users and is typically embedded within the server’s initialization scripts or configuration files. The System Prompt determines how the model processes user input, as well as the tone, style, and overall manner in which it generates responses.
Storage Location: Server Configuration File
Operation
– Response Generation: The model produces consistent and appropriate outputs based on the configured instructions and returns them to the user.
– Initialization: The System Prompt is applied when the model is first loaded.
– Instruction Enforcement: The model processes user input and generates responses according to the rules defined in the System Prompt.
1.1 Basic System Prompt
It is stored in the system configuration file and is used to define the model’s fundamental operational behavior.
Example: “You are a helpful assistant.”
User Controllable: X
1.2 Instruction Prompt
It is stored in the system configuration file and provides task-specific instructions.
Example: “Summarize the following text in two sentences.”
User Controllable: X
2. User Prompt
A User Prompt is the request or question directly entered by the user. It is provided through the user interface (UI) and is used by the model to generate a corresponding response. Any text entered by the user is considered a User Prompt, and through this prompt, the user can ask questions or request the model to perform a specific task.
Storage Location: User Input Field
Operation
– Response Generation: The model generates an appropriate response and returns it to the user.
– Input: The user enters text into the input field.
– Transmission: The entered text is sent to the server.
Processing: The model analyzes the prompt and interprets the user’s request or question.
2.1 Question Prompt
t is provided as user input and is used by the model when generating responses to user questions.
Example: “What is the capital of France?”
User Controllable: O
2.2 Command Prompt
It is provided as user input and is used to instruct the model to perform a specific task.
Example: “Translate this text to Spanish.”
User Controllable: O
2.3 Information Providing Prompt
It is provided as user input and is used when the model is expected to respond based on the information supplied by the user.
Example: “Here is a paragraph about climate change. Explain its main points.”
User Controllable: O
3. Context Prompt
A Context Prompt is used to maintain the conversational context. It retains information from previous user inputs and model responses, enabling the model to provide coherent and contextually relevant answers. Context Prompts help preserve dialogue consistency and allow the model to generate more natural and continuous interactions. This contextual information is typically stored in a database, memory cache, or session state store.
Storage Location: Database, memory cache, or session state store
Operation
– Response Generation: The model generates a coherent response based on the stored contextual information and returns it to the user.
– Storage: All user prompts and model responses are stored in the session state repository.
– Retrieval: When new user input is received, the model retrieves previous conversation data from the session store to understand the context.
3.1 Situation Prompt
It is stored within the system configuration or the ongoing conversation flow and provides background information necessary for the model to understand the task.
Example: “In the context of a customer support chat…”
User Controllable: X
3.2 Conversation History Prompt
It is stored in the conversation history database and is used when the model generates responses based on prior dialogue.
Example: “Continuing from our previous conversation about your order…”
User Controllable: X
4. Task-Based Prompt
A Task-Based Prompt is used when the user requests the execution of a specific task. This type of prompt provides explicit instructions that guide the model to perform a well-defined action. The task management module receives these prompts, processes the requested task, and generates the corresponding output.
Storage Location: Task Management Module
Operation
– Response Generation: The model executes the task according to the Task-Based Prompt and returns the result to the user.
– Prompt Creation: A Task-Based Prompt is generated when the user requests a specific task.
– Task Management Module Processing: The task management module receives the prompt, processes the requested task, and produces the result.
4.1 Summarization Prompt
It is provided as user input and is used when the model is asked to summarize long text.
Example: “Summarize the following article.”
User Controllable: O
4.2 Translation Prompt
It is provided as user input and is used when the model is asked to translate text into another language.
Example: “Translate this sentence to French.”
User Controllable: O
4.3 Creative Writing Prompt
It is provided as user input and is used when the model is asked to generate creative content.
Example: “Write a short story about a space adventure.”
User Controllable: O
5. Data Input Prompt
A Data Input Prompt is a prompt designed to guide users to provide data in a specific format. It is primarily used in data entry forms or user interfaces to collect information, validate the input, and process it accordingly. These prompts are structured to ensure consistency and accuracy in the data provided by the user.
Storage Location: Data Input & Validation Module
Operation:
– Data Processing: Once validated, the data is processed and stored within the system.
– Prompt Generation: A Data Input Prompt is generated when the user interacts with a data entry form or when a specific data format is required.
– Data Entry: The user inputs data according to the specified format.
– Data Validation: The system verifies that the input data follows the required structure.
5.1 Formatted Input Prompt
It is provided as user input and is used when the model requires data to be entered in a specific format.
Example: “Provide the details in a JSON format.”
User Controllable: O
5.2 Fill-in-the-Blank Prompt
It is provided as user input and is used when the model prompts the user to supply specific information.
Example: “The capital of Japan is .”
User Controllable: O
6. Validation and Feedback Prompt
Validation and Feedback Prompts are used to review the model’s output and provide feedback. These prompts help users assess whether the model’s responses are accurate, useful, or in need of improvement. They are typically utilized within result-validation modules or feedback-collection interfaces.
Storage Location: Result Validation & Feedback System
Operation:
– Feedback Processing: The system analyzes the collected feedback and, when necessary, takes action to improve the model’s performance.
– Prompt Generation: After the model generates a response, a Validation and Feedback Prompt is created to verify the validity of the output.
– User Review: The user reviews the model’s response and evaluates its accuracy and usefulness.
— Feedback Input: The user submits feedback reflecting their assessment of the model’s output.
6.1 Validation Prompt
It is used within systems that review the model’s output and collect user feedback.
Example: “Is this answer correct? Provide corrections if necessary.”
User Controllable: X
6.2 Feedback Prompt
It is provided as user input and is used to collect feedback that helps improve the model’s performance.
Example: “How would you rate the usefulness of this response?”
User Controllable: O