Config Examples
Ready-to-use .promptlintrc files for common scenarios. Copy one, drop it in your project root, and adjust to taste.
promptlint --init
promptlint --init writes the Balanced Starter config to .promptlintrc automatically. Use this page to swap to a profile that fits your use case.
Balanced Starter
The default generated by promptlint --init. All 20 rules enabled at their default severities. Good starting point for any project.
yaml
# .promptlintrc — Balanced Starter
# Generated by: promptlint --init
model: gpt-4o
token_limit: 800
cost_per_1k_tokens: 0.005
calls_per_day: 10000
display:
preview_length: 60
context_width: 80
rules:
# ── Cost ──────────────────────────────────────────────────────────
cost: true
cost_limit: true
# ── Security ──────────────────────────────────────────────────────
prompt_injection:
enabled: true
patterns:
- ignore previous instructions
- system prompt extraction
- "you are now a [a-zA-Z ]+"
- disregard all prior
- forget everything
- new instructions:
jailbreak_pattern: true
secret_in_prompt: true
pii_in_prompt:
enabled: true
check_email: true
check_phone: true
check_ssn: true
check_credit_card: true
check_ip: false
context_injection_boundary: true
# ── Structure ─────────────────────────────────────────────────────
structure_sections: true
role_clarity: true
output_format_missing: true
hallucination_risk: true
# ── Quality ───────────────────────────────────────────────────────
clarity_vague_terms: true
specificity_examples: true
specificity_constraints: true
politeness_bloat:
enabled: true
allow_politeness: false
verbosity_redundancy: true
verbosity_sentence_length: true
actionability_weak_verbs: true
consistency_terminology: true
completeness_edge_cases: true
fix:
enabled: true
prompt_injection: true
politeness_bloat: true
verbosity_redundancy: true
structure_scaffold: true
normalize_spacing: trueSecurity-First (Production API)
For customer-facing or externally-exposed prompts. All security rules at max, extended injection patterns, IP detection on. Quality rules run at INFO so they don't block deploys.
yaml
# .promptlintrc — Security-First
# Use when: customer-facing APIs, prompts that accept user input,
# any system where prompt injection could cause harm
model: gpt-4o
token_limit: 1200
cost_per_1k_tokens: 0.005
calls_per_day: 100000
rules:
# ── Security (all critical, extra patterns) ───────────────────────
prompt_injection:
enabled: true
patterns:
# Core hijack attempts
- ignore previous instructions
- disregard all prior
- forget everything above
- system prompt extraction
- reveal your (system prompt|instructions)
- what are your instructions
- print your (prompt|instructions)
# Role-override
- "you are now a [a-zA-Z ]+"
- act as if you have no restrictions
- pretend you are
- your new instructions are
# Boundary injection
- new instructions:
- admin override:
- developer mode (enabled|activated|on)
- bypass (all |your )?(safety|restrictions|rules|filters)
# Indirect injection vectors
- execute the following
- run the following command
- eval\(
jailbreak_pattern: true
secret_in_prompt: true
pii_in_prompt:
enabled: true
check_email: true
check_phone: true
check_ssn: true
check_credit_card: true
check_ip: true # enabled: IPs are PII in many jurisdictions
context_injection_boundary: true # required: all user input must be bounded
# ── Structure ─────────────────────────────────────────────────────
role_clarity: true
output_format_missing: true
hallucination_risk: true
structure_sections: true
# ── Cost ──────────────────────────────────────────────────────────
cost: true
cost_limit: true
# ── Quality (demoted to INFO — won't fail CI) ─────────────────────
clarity_vague_terms:
enabled: true
level: info
specificity_examples:
enabled: true
level: info
specificity_constraints:
enabled: true
level: info
politeness_bloat:
enabled: true
level: info
verbosity_redundancy:
enabled: true
level: info
verbosity_sentence_length:
enabled: true
level: info
actionability_weak_verbs:
enabled: true
level: info
consistency_terminology:
enabled: true
level: info
completeness_edge_cases:
enabled: true
level: info
fix:
enabled: true
prompt_injection: true # delete injection lines automatically
politeness_bloat: true
verbosity_redundancy: true
structure_scaffold: false # don't auto-scaffold: you control structure manuallyCI Gate (Strict)
Block merges that introduce security issues or major quality regressions. All WARN+ rules are hard failures. Designed for a CI pipeline that runs promptlint --fail-level warn.
yaml
# .promptlintrc — CI Gate
# Use when: enforcing quality in a mono-repo, blocking PR merges,
# prompt review in a team environment
# Run as: promptlint --file "prompts/**/*.txt" --fail-level warn --format sarif
model: gpt-4o
token_limit: 600 # tight budget: prompts must stay lean
cost_per_1k_tokens: 0.005
calls_per_day: 50000
rules:
# ── Security (CRITICAL — always blocks) ──────────────────────────
prompt_injection:
enabled: true
patterns:
- ignore previous instructions
- system prompt extraction
- "you are now a [a-zA-Z ]+"
- disregard all prior
- forget everything
- new instructions:
- admin override:
- bypass restrictions
jailbreak_pattern: true
secret_in_prompt: true
pii_in_prompt:
enabled: true
check_email: true
check_phone: true
check_ssn: true
check_credit_card: true
check_ip: false
context_injection_boundary: true
# ── Structure (WARN — blocks on --fail-level warn) ────────────────
role_clarity: true
output_format_missing: true
hallucination_risk: true
structure_sections: true
# ── Quality (promoted to WARN to enforce team standards) ──────────
clarity_vague_terms: true # default WARN — blocks
specificity_examples:
enabled: true
level: warn # promoted from INFO
specificity_constraints:
enabled: true
level: warn # promoted from INFO
completeness_edge_cases:
enabled: true
level: warn # promoted from INFO
actionability_weak_verbs:
enabled: true
level: warn # promoted from INFO
# ── Quality (stay at INFO — advisory only) ────────────────────────
politeness_bloat: true
verbosity_redundancy: true
verbosity_sentence_length: true
consistency_terminology: true
# ── Cost ──────────────────────────────────────────────────────────
cost: true
cost_limit: true # CRITICAL above token_limit
fix:
enabled: false # CI runs lint only; developers fix locally with --fixCost Optimization
Focus on token reduction. Strips politeness, collapses redundancy, and enforces a hard token budget. Useful for high-volume inference where every token saved matters.
yaml
# .promptlintrc — Cost Optimization
# Use when: high call volume (>10k/day), tight token budget,
# optimizing GPT-4o/Claude costs at scale
model: gpt-4o
token_limit: 400 # aggressive: keep system prompts very lean
cost_per_1k_tokens: 0.005
calls_per_day: 100000 # project real-scale cost impact
rules:
# ── Cost (primary focus) ──────────────────────────────────────────
cost: true
cost_limit: true
# ── Token bloat rules (promoted to WARN to force fixing) ──────────
politeness_bloat:
enabled: true
allow_politeness: false # WARN severity — blocks CI
words:
- please
- kindly
- i would appreciate
- thank you
- be so kind as to
- if possible
- as needed
- as appropriate
savings_per_hit: 1.5
verbosity_redundancy:
enabled: true # INFO — advisory
verbosity_sentence_length:
enabled: true # INFO — advisory
# ── Security (keep: no cost to these) ────────────────────────────
prompt_injection:
enabled: true
patterns:
- ignore previous instructions
- system prompt extraction
- "you are now a [a-zA-Z ]+"
jailbreak_pattern: true
secret_in_prompt: true
pii_in_prompt:
enabled: true
check_email: true
check_phone: false # reduce false positives in cost-focused context
check_ssn: true
check_credit_card: true
check_ip: false
context_injection_boundary: true
# ── Quality (disable or demote: focus is cost, not style) ─────────
structure_sections:
enabled: true
level: info
role_clarity:
enabled: true
level: info
output_format_missing: true # keep at WARN: undefined format → more tokens
clarity_vague_terms:
enabled: true
level: info
specificity_examples: false # not cost-relevant
specificity_constraints: false # not cost-relevant
completeness_edge_cases: false # not cost-relevant
actionability_weak_verbs: false
consistency_terminology: false
hallucination_risk:
enabled: true
level: info
fix:
enabled: true
politeness_bloat: true # auto-strip immediately
verbosity_redundancy: true # auto-collapse immediately
prompt_injection: true
structure_scaffold: false # don't add wrapper (adds tokens)
normalize_spacing: trueCustomer Support Bot
Strict on injection and PII (customer data in context), soft on style (support tone is intentionally warm). Hallucination rule tuned since answers come from a knowledge base.
yaml
# .promptlintrc — Customer Support Bot
# Use when: support chatbots, help desk agents, FAQ bots,
# any prompt that receives customer-provided input
model: gpt-4o
token_limit: 1500 # support prompts carry product context
cost_per_1k_tokens: 0.005
calls_per_day: 20000
rules:
# ── Security (strict: customer data is in-scope) ──────────────────
prompt_injection:
enabled: true
patterns:
- ignore previous instructions
- forget everything above
- system prompt extraction
- reveal your (system prompt|instructions)
- "you are now a [a-zA-Z ]+"
- bypass (all |your )?(safety|restrictions|rules|filters)
- disregard all prior
- new instructions:
- act as if you have no restrictions
jailbreak_pattern: true
secret_in_prompt: true
pii_in_prompt:
enabled: true
check_email: true
check_phone: true
check_ssn: true
check_credit_card: true
check_ip: false
context_injection_boundary: true # required: {{USER_MESSAGE}} must be bounded
# ── Structure ─────────────────────────────────────────────────────
role_clarity: true
output_format_missing: true
hallucination_risk: false # disabled: answers grounded in KB context
structure_sections: true
# ── Quality (relaxed: support tone is intentionally warm) ─────────
politeness_bloat:
enabled: true
allow_politeness: true # INFO severity: warm language is intentional
actionability_weak_verbs:
enabled: true
level: info # "feel free to ask" is acceptable in support
clarity_vague_terms:
enabled: true
level: info
specificity_examples:
enabled: true
level: info
specificity_constraints:
enabled: true
level: info
verbosity_redundancy:
enabled: true
level: info
verbosity_sentence_length:
enabled: true
level: info
completeness_edge_cases: true
consistency_terminology: true
# ── Cost ──────────────────────────────────────────────────────────
cost: true
cost_limit: true
fix:
enabled: true
prompt_injection: true
politeness_bloat: false # don't strip: warm language is intentional
verbosity_redundancy: true
structure_scaffold: trueCode Generation
Strict on structure, completeness, and constraints — a code generation prompt without edge-case handling and output format will produce inconsistent results. Extends injection patterns for code-specific attack vectors.
yaml
# .promptlintrc — Code Generation
# Use when: code synthesis, refactoring assistants, test generation,
# any prompt that produces executable output
model: gpt-4o
token_limit: 1000
cost_per_1k_tokens: 0.005
calls_per_day: 10000
rules:
# ── Security (extended for code contexts) ─────────────────────────
prompt_injection:
enabled: true
patterns:
- ignore previous instructions
- system prompt extraction
- "you are now a [a-zA-Z ]+"
- disregard all prior
- forget everything
- new instructions:
- admin override:
# Code-specific injection vectors
- "eval\\(" # eval injection
- "exec\\(" # exec injection
- "__import__" # Python import injection
- "subprocess\\." # subprocess in output
- "os\\.system" # shell injection
- "rm -rf"
- "DROP TABLE"
- ";.*--" # SQL comment injection
jailbreak_pattern: true
secret_in_prompt: true
pii_in_prompt:
enabled: true
check_email: true
check_phone: false
check_ssn: true
check_credit_card: true
check_ip: false
context_injection_boundary: true
# ── Structure (strict: code prompts need clear specs) ─────────────
role_clarity: true
output_format_missing: true # always specify: Python? TypeScript? plain text?
structure_sections: true
hallucination_risk: true # "write a function using library X" is factual
# ── Quality (strict: code prompts must be precise) ────────────────
clarity_vague_terms: true
specificity_examples:
enabled: true
level: warn # promoted: examples are critical for code gen
specificity_constraints:
enabled: true
level: warn # promoted: constraints define correct output
completeness_edge_cases:
enabled: true
level: warn # promoted: edge cases are critical for code
actionability_weak_verbs:
enabled: true
level: warn # no "try to" in code: be exact
consistency_terminology:
enabled: true
custom_term_pairs:
- ["function", "method", "procedure"]
- ["error", "exception", "fault"]
- ["return", "output", "result", "response"]
- ["parameter", "argument", "input"]
verbosity_redundancy: true
verbosity_sentence_length: true
# ── Politeness (off: code prompts are instructions, not requests) ──
politeness_bloat:
enabled: true
allow_politeness: false
# ── Cost ──────────────────────────────────────────────────────────
cost: true
cost_limit: true
fix:
enabled: true
prompt_injection: true
politeness_bloat: true
verbosity_redundancy: true
structure_scaffold: trueRAG / Retrieval-Augmented Generation
Prompts that inject retrieved context at runtime. Hallucination risk is suppressed (grounding is structural), injection boundary is required for every template variable.
yaml
# .promptlintrc — RAG / Grounded Prompts
# Use when: RAG pipelines, document Q&A, search-augmented generation,
# any prompt with {{CONTEXT}} or {{RETRIEVED_DOCS}} slots
model: gpt-4o
token_limit: 2000 # RAG prompts carry retrieved documents
cost_per_1k_tokens: 0.005
calls_per_day: 25000
rules:
# ── Security ──────────────────────────────────────────────────────
prompt_injection:
enabled: true
patterns:
- ignore previous instructions
- system prompt extraction
- "you are now a [a-zA-Z ]+"
- disregard all prior
- forget everything
- new instructions:
- bypass (all |your )?(safety|restrictions|rules|filters)
# RAG-specific: injections hidden inside retrieved documents
- "\\[INST\\]" # Llama-style instruction tag in docs
- "<\\|system\\|>" # system tag appearing in retrieved text
- "END_OF_SYSTEM_PROMPT"
jailbreak_pattern: true
secret_in_prompt: true
pii_in_prompt:
enabled: true
check_email: true
check_phone: true
check_ssn: true
check_credit_card: true
check_ip: false
context_injection_boundary: true # required: every {{VAR}} must be bounded
# ── Structure ─────────────────────────────────────────────────────
role_clarity: true
output_format_missing: true
structure_sections: true
hallucination_risk: false # disabled: retrieval is the grounding
# ── Quality ───────────────────────────────────────────────────────
clarity_vague_terms: true
specificity_examples: false # disabled: RAG prompts use templates, not examples
specificity_constraints: true
completeness_edge_cases:
enabled: true # handle: empty retrieval, conflicting docs, low score
consistency_terminology: true
politeness_bloat: true
verbosity_redundancy: true
verbosity_sentence_length: true
actionability_weak_verbs: true
# ── Cost ──────────────────────────────────────────────────────────
cost: true
cost_limit: true
fix:
enabled: true
prompt_injection: true
politeness_bloat: true
verbosity_redundancy: true
structure_scaffold: false # RAG prompts have custom structure; don't overwriteCreative Writing / Soft Instructions
For open-ended generative tasks where hedged language and vague terms are intentional. Security rules remain active — injection attacks happen in creative contexts too.
yaml
# .promptlintrc — Creative Writing
# Use when: story generation, brainstorming, open-ended content creation,
# prompts where "feel free to" and "consider" are intentional
model: gpt-4o
token_limit: 2000
cost_per_1k_tokens: 0.005
calls_per_day: 1000
rules:
# ── Security (always on) ──────────────────────────────────────────
prompt_injection:
enabled: true
patterns:
- ignore previous instructions
- system prompt extraction
- "you are now a [a-zA-Z ]+"
- disregard all prior
- new instructions:
jailbreak_pattern: true
secret_in_prompt: true
pii_in_prompt:
enabled: true
check_email: true
check_phone: true
check_ssn: true
check_credit_card: true
check_ip: false
context_injection_boundary: true
# ── Structure (relaxed: creative prompts are less structured) ─────
role_clarity:
enabled: true
level: info # advisory: personas help but aren't mandatory
output_format_missing:
enabled: true
level: info # advisory: format often left open intentionally
structure_sections:
enabled: true
level: info
hallucination_risk:
enabled: true
level: info # creative prompts often ask for imagined content
# ── Quality (disabled: soft language is intentional) ──────────────
actionability_weak_verbs: false # "consider", "feel free" are intentional
clarity_vague_terms: false # "something interesting" is valid creative direction
specificity_examples: false # open-ended prompts don't need examples
specificity_constraints: false # constraints kill creative output
completeness_edge_cases: false # edge cases don't apply to creative tasks
consistency_terminology: false # intentional variety enriches creative prompts
politeness_bloat:
enabled: true
allow_politeness: true # INFO only: polite framing is acceptable
verbosity_redundancy: true # still useful: removes pure waste
verbosity_sentence_length:
enabled: true
level: info
actionability_weak_verbs: false
# ── Cost ──────────────────────────────────────────────────────────
cost: true
cost_limit: true
fix:
enabled: true
prompt_injection: true
politeness_bloat: false # keep warm language
verbosity_redundancy: true
structure_scaffold: false # don't impose structure on creative promptsInternal / Development (Relaxed)
For prompts used in internal tools, development environments, or personal projects where iteration speed matters more than strict enforcement.
yaml
# .promptlintrc — Internal / Development
# Use when: internal tooling, developer environments, rapid prototyping,
# personal projects where strict gates slow down iteration
model: gpt-4o
token_limit: 2000 # generous limit for dev exploration
cost_per_1k_tokens: 0.005
calls_per_day: 500 # low volume: cost projection less relevant
rules:
# ── Security (keep critical, relax others to INFO) ────────────────
prompt_injection:
enabled: true # always: injection affects dev systems too
patterns:
- ignore previous instructions
- system prompt extraction
- "you are now a [a-zA-Z ]+"
jailbreak_pattern: true
secret_in_prompt: true # always: dev prompts accidentally embed real keys
pii_in_prompt:
enabled: true
check_email: true # dev prompts often use real test emails
check_phone: false
check_ssn: true
check_credit_card: true
check_ip: false
context_injection_boundary:
enabled: true
level: info # advisory in dev: boundary not always needed
# ── Structure (all advisory) ──────────────────────────────────────
role_clarity:
enabled: true
level: info
output_format_missing:
enabled: true
level: info
structure_sections:
enabled: true
level: info
hallucination_risk:
enabled: true
level: info
# ── Quality (all advisory — iterating quickly) ────────────────────
clarity_vague_terms:
enabled: true
level: info
specificity_examples:
enabled: true
level: info
specificity_constraints:
enabled: true
level: info
politeness_bloat:
enabled: true
allow_politeness: true # INFO: don't interrupt typing flow
verbosity_redundancy: true
verbosity_sentence_length:
enabled: true
level: info
actionability_weak_verbs:
enabled: true
level: info
consistency_terminology:
enabled: true
level: info
completeness_edge_cases:
enabled: true
level: info
# ── Cost ──────────────────────────────────────────────────────────
cost: true
cost_limit:
enabled: true
level: warn # advisory: dev prompts can be longer
fix:
enabled: true
prompt_injection: true
politeness_bloat: false # don't auto-strip in dev
verbosity_redundancy: true
structure_scaffold: trueNon-English Prompts
Security rules work in any language (regex-based). Quality rules are English-optimized and will generate false positives on other languages — disable them entirely.
yaml
# .promptlintrc — Non-English Prompts
# Use when: prompts written in French, Spanish, German, Japanese, etc.
# Why: quality rules (vague terms, politeness, redundancy, weak verbs)
# use English patterns and have high false-positive rates on other languages.
# Security rules are regex-based and language-agnostic.
model: gpt-4o
token_limit: 800
cost_per_1k_tokens: 0.005
calls_per_day: 10000
rules:
# ── Security (all on: regex patterns, language-agnostic) ──────────
prompt_injection:
enabled: true
patterns:
- ignore previous instructions
- system prompt extraction
- "you are now a [a-zA-Z ]+"
- disregard all prior
- forget everything
- new instructions:
# Add language-specific patterns if needed, e.g.:
# - ignorez les instructions précédentes # French
# - ignorar instrucciones anteriores # Spanish
# - Vergiss alle vorherigen Anweisungen # German
jailbreak_pattern: true
secret_in_prompt: true
pii_in_prompt:
enabled: true
check_email: true # email format is language-agnostic
check_phone: true # phone regex is international
check_ssn: true
check_credit_card: true
check_ip: false
context_injection_boundary: true
# ── Cost (language-agnostic) ──────────────────────────────────────
cost: true
cost_limit: true
# ── Structure (partially useful) ──────────────────────────────────
structure_sections:
enabled: true # XML/JSON structure is language-agnostic
level: info
role_clarity: false # disabled: role phrase list is English-only
output_format_missing: false # disabled: format keywords list is English-only
hallucination_risk: false # disabled: factual question patterns are English
# ── Quality (all disabled: English patterns, high false positives) ─
clarity_vague_terms: false
specificity_examples: false
specificity_constraints: false
politeness_bloat: false
verbosity_redundancy: false
verbosity_sentence_length: false
actionability_weak_verbs: false
consistency_terminology: false
completeness_edge_cases: false
fix:
enabled: true
prompt_injection: true
politeness_bloat: false # disabled: words list is English
verbosity_redundancy: false # disabled: phrase list is English
structure_scaffold: falseQuick Reference
| Use case | Key changes from default |
|---|---|
| Balanced Starter | All 20 rules, default severities |
| Security-First | Extended patterns, IP on, quality → INFO |
| CI Gate | Quality rules → WARN, fix disabled |
| Cost Optimization | Token limit 400, bloat rules → WARN, fix on |
| Customer Support | Warm language allowed, hallucination off |
| Code Generation | Edge cases + constraints → WARN, code injection patterns |
| RAG | Hallucination off, injection boundary required, examples off |
| Creative Writing | Style rules off, security on |
| Internal Dev | All quality → INFO, generous token limit |
| Non-English | All quality rules off, security rules only |