A system prompt is a set of instructions given to a large language model (LLM) before any user message, telling it who it is, what it can do, and how it should behave. It's invisible to end users but decisive — it turns a generic model like Claude or GPT-4 into a specialized agent like Cursor, v0, or Perplexity.
If you've ever wondered "how does Cursor know to call the edit_file tool and not just print code?" or "why does ChatGPT refuse certain requests?" — the answer lives in the system prompt.
Here's what a basic system prompt looks like when you call the OpenAI API directly:
```python
from openai import OpenAI

client = OpenAI()  # reads OPENAI_API_KEY from the environment

messages = [
    {"role": "system", "content": "You are a helpful assistant that answers in rhyming couplets."},
    {"role": "user", "content": "What's the capital of France?"},
]

response = client.chat.completions.create(model="gpt-4o", messages=messages)
print(response.choices[0].message.content)
```
The model would respond with something like "Paris is the city they embrace / The French capital full of grace." The system message bent the model's behavior without the user asking.
Production tools ship prompts that are 5,000–50,000 tokens long. They cover:
- Tool definitions (`edit_file`, `run_terminal`, `grep_search`, …)
- XML-tagged sections, such as the `<edit_file>` tag

See the full prompt that powers Cursor in our Cursor system prompt page — with exact token counts, detected techniques, and a side-by-side comparison against other tools.
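A tool-definition section in such a prompt is typically an XML-tagged block of natural-language instructions. The following is an illustrative sketch, not Cursor's actual wording — the tag name `edit_file` is the only detail taken from the prompt itself:

```xml
<edit_file>
Use this tool to propose an edit to an existing file.
Parameters:
- target_file: path of the file to modify
- instructions: a single sentence describing the intended edit
Only call this tool when the user has asked for a code change.
</edit_file>
```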
Three reasons every developer building with LLMs should care:
Every conversation starts with the full system prompt. A 13,000-token prompt at Claude Sonnet 4.6 pricing costs $0.039 per conversation start. If your app starts 10,000 conversations/day, that's $390/day — just for the instructions. This is why prompt caching exists.
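The arithmetic is easy to sanity-check. A minimal sketch, assuming the commonly cited $3 per million input tokens (check current pricing before relying on it):

```python
# Cost of resending the system prompt on every conversation start.
# Assumes $3 per million input tokens (illustrative, not authoritative).
PRICE_PER_TOKEN = 3.00 / 1_000_000

def prompt_cost(prompt_tokens: int, conversations: int = 1) -> float:
    """Dollars spent on the system prompt alone."""
    return prompt_tokens * PRICE_PER_TOKEN * conversations

print(prompt_cost(13_000))           # one conversation start, ~ $0.039
print(prompt_cost(13_000, 10_000))   # a day at 10,000 starts, ~ $390
```

Prompt caching attacks exactly this term: the cached prefix is billed at a steep discount after the first read.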
Writing the rules down in natural language and feeding them to the model is often more effective than scaffolding guardrails in code. The prompt is the spec.
Adding "Think step by step before responding" to a prompt is a known accuracy booster. Replacing "Don't hallucinate" with "If you don't know, say you don't know" tends to reduce hallucination more reliably. These are one-line edits with measurable output quality changes.
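Concretely, both edits are one-line string changes to the system message. A hypothetical before/after (the "Acme support bot" prompt is invented for illustration):

```python
baseline = "You are a support bot for Acme. Answer user questions about billing."

# Edit 1: append a chain-of-thought nudge.
with_cot = baseline + " Think step by step before responding."

# Edit 2: replace a negative rule with a positive one.
weak = baseline + " Don't hallucinate."
better = baseline + " If you don't know, say you don't know."
```

The point is that these are cheap, reversible experiments: version the prompt string, run your eval set against each variant, and keep the winner.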
You'll see these terms used interchangeably. Here's the clean distinction:
| Role | Who writes it | Purpose |
|---|---|---|
| `system` | The app builder | Defines persona, tools, rules |
| `user` | The end user | The actual request |
| `assistant` | The model | The response |
| `developer` (OpenAI) | The app builder | Same as `system`, but with higher trust in newer models |
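In the Chat Completions API these roles appear as message dicts in a single list. A minimal sketch (the contents are invented for illustration):

```python
messages = [
    # Written by the app builder: persona, tools, rules.
    {"role": "system", "content": "You are a code-review assistant. Be terse."},
    # Written by the end user: the actual request.
    {"role": "user", "content": "Review this function for bugs."},
    # Written by the model on a previous turn: the response.
    {"role": "assistant", "content": "The loop never terminates when n == 0."},
]

roles = [m["role"] for m in messages]
```

On OpenAI models that support it, swapping `"system"` for `"developer"` in the first dict gives the same message the higher-trust treatment described in the table.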
System prompts are supposed to be private, but leaked copies show up on GitHub regularly.
Most companies don't pursue takedowns — probably because the prompts themselves aren't secret sauce; they're implementations of publicly known techniques (XML tags, chain-of-thought, role assignment).
The best way to understand system prompts is to read good ones. Tools like Cursor, v0, and Perplexity all have public or leaked prompts worth analyzing.
The shortest good prompt is:

```
You are a [role]. You [primary task].
Your constraints:
- [rule 1]
- [rule 2]
Output format: [format spec]
```
That's it. From there, you add tools, examples, and safety rules as needed. Our how-to-write-system-prompts guide walks through the whole craft with real techniques from the prompts in our directory.
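The skeleton above can also be filled programmatically, which keeps prompt variants in version control rather than scattered across strings. A hypothetical helper (the function name and the SQL-tutor example are invented):

```python
def build_system_prompt(role: str, task: str, rules: list[str], output_format: str) -> str:
    """Assemble the minimal role/task/constraints/format prompt skeleton."""
    lines = [f"You are a {role}. You {task}.", "Your constraints:"]
    lines += [f"- {rule}" for rule in rules]
    lines.append(f"Output format: {output_format}")
    return "\n".join(lines)

prompt = build_system_prompt(
    role="SQL tutor",
    task="explain queries in plain English",
    rules=["Never suggest destructive statements", "Keep answers under 200 words"],
    output_format="a short paragraph followed by the annotated query",
)
print(prompt)
```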