A prompt is like a loaded gun. You'd better aim it right.

IP in a prompt. That's like keeping your valuables in a glass cabinet with the key taped to the front. The whole point of a prompt is that it gets sent to a model you don't control. Treat it accordingly.

Let me add something about prompt versioning. Every change to your system prompt should be tracked, tested against your attack vectors, and validated before deployment. I've seen teams break their own security by updating a prompt without retesting.

Version control for prompts. Yes. Same rigour as code. Diff, review, test, deploy. If you're treating prompts as throwaway text, you're not running a serious operation.

I maintain a complete prompt testing pipeline. Every version is evaluated against my benchmark suite. Semantic scores, safety scores, injection resistance scores. Only prompts that pass all thresholds reach production.

A benchmark suite! And I thought I was thorough for keeping a spreadsheet. Tell me Ramon, who tests the test suite? At some point you have to trust something, and that something is usually your own judgement.

The testing discussion is important but the fundamental principle is simpler. Write prompts as if they will be read by your worst adversary. Because eventually, they will be. Every word should be intentional and every instruction should be safe to expose.