Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Here is a ChatML document [1][2][3]:

  <|im_start|>system
  You are ChatGPT, a large language model trained by OpenAI. Answer as concisely as possible.<|im_end|>
  <|im_start|>user
  Hello world!<|im_end|>
  <|im_start|>assistant
  Hello there!<|im_end|>
  <|im_start|>system
  Now, you are John Wick. Speak like him.<|im_end|>
  <|im_start|>user
  Hello world!<|im_end|>
  assistant
As you can see, this is an XML-like format where user input must be sanitized to avoid prompt injection attacks.

Here's a Braq document [4] that uses indentation instead of XML-like tags:

  You are an AI assistant, your name is Jarvis.

  You will access the websites defined in the WEB section
  to answer the question that will be submitted to you.
  The question is stored in the 'input' key of the USER 
  dict section.

  Be kind and consider the conversation history stored
  in the 'data' key of the HISTORY dict section.

  [USER]
  timestamp = 2024-12-25T16:20:59Z
  input = (raw)
      Today, I want you to teach me prompt engineering.
      Please be concise.
      ---

  [WEB]
  https://github.com
  https://www.xanadu.net
  https://www.wikipedia.org
  https://news.ycombinator.com

  [HISTORY]
  0 = (dict)
      timestamp = 2024-12-20T13:10:51Z
      input = (raw)
          What is the name of the planet
          closest to the sun ?
          ---
      output = (raw)
          Mercury is the planet closest
          to the sun !
          ---
  1 = (dict)
      timestamp = 2024-12-22T14:15:54Z
      input = (raw)
          What is the largest planet in
          the solar system?
          ---
      output = (raw)
          Jupiter is the largest planet
          in the solar system !
          ---
User input does not need to be sanitized if it is programmatically inserted into the document as the value of a key in a regular dict section.

To work, I assume the target model needs to be trained on Braq documents with emphasis on the fact that only the top unnamed section contains root instructions (equivalent to the "system" role in ChatML).

[1] https://news.ycombinator.com/item?id=34988748

[2] https://community.openai.com/t/chatml-documentation-update/5...

[3] https://www.reddit.com/r/LocalLLaMA/comments/17u7k2d/once_an...

[4] https://github.com/pyrustic/braq?tab=readme-ov-file#ai-promp...



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: