How a GitHub Repo Gained 5,000 Stars in a Week by Uncovering System Prompts from 30 AI Models

The article analyzes the system‑prompt leaks repository that collected over 140 prompt files from more than 30 AI providers, compares token counts and safety constraints of models like Claude, ChatGPT, Gemini and Cursor, and explains how this transparency reshapes prompt engineering, compliance research, and AI development.

AI Architecture Path
AI Architecture Path
AI Architecture Path
How a GitHub Repo Gained 5,000 Stars in a Week by Uncovering System Prompts from 30 AI Models

Why System Prompts Matter

Differences between AI models are largely driven by each vendor’s hidden system prompts—large, modular instruction sets that govern behavior, tool usage, and safety boundaries.

The system_prompts_leaks Repository

The open‑source repository system_prompts_leaks has collected more than 140 prompt files from over 30 AI vendors, exposing the low‑level directives for Claude, GPT, Gemini, Grok, Cursor and others.

01 Misconceptions About Prompts

System prompts are not single‑line statements; they consist of tens of thousands of tokens, modular sections, mandatory bans, tool‑dispatch logic, and layered safety checks.

Claude Code : 12,000+ tokens covering file I/O, Git workflow, terminal commands, permission isolation, and agent scheduling—effectively a full programming manual pre‑loaded before any user input.

ChatGPT (all variants) : 6,000+ tokens with 89 hard‑coded restriction words, each highlighted in uppercase to prevent policy violations.

Gemini (all variants) : 112 restriction words—the industry highest—causing frequent refusals.

Cursor : Only 23 restriction words, reflecting a focus on pure coding efficiency.

Repository Design

All prompts follow a modular hierarchy: basic persona rules → tool‑call specifications → scenario handling cases → mandatory safety boundaries → output format constraints . Claude’s prompts use explicit tags such as <citation_instructions> and <artifact_instructions>, with every prohibited action written in uppercase to lock down behavior.

02 Two Flagship Features

Full‑Version Diff : The repo tracks changes across model versions. The diff between Claude Opus 4.8 and Claude Fable 5 shows three core adjustments:

Safety policy slightly relaxed, reducing meaningless blocks.

Tool‑call permissions expanded, enhancing file, terminal, and multi‑tool coordination.

Persona restructured from a simple chat assistant to a “general tool dispatch center.”

Comprehensive Vendor Archive : Updated to 1 July 2026, the repo includes Claude Sonnet 5 prompts and categorizes prompts from more than 30 providers, including Anthropic (Claude family), OpenAI (GPT‑5.5 series), Google Gemini, xAI Grok, Microsoft Copilot, vertical tools (Cursor, Perplexity, Docker AI, Zed), Chinese models (Qwen, MiniMax), and open‑source projects (Mistral, Meta AI, Notion AI).

03 Two Epic Events

Event 1 – Claude Code Source Leak (2026‑04‑01) : Anthropic’s npm package Claude Code 2.1.88 unintentionally shipped a 60 MB source‑map file, exposing 1,906 TypeScript files (≈510 k lines), the full prompt‑assembly logic, and undisclosed tool modules. The leak reproduces the complete code‑tool permission, sandbox, and risk‑control logic, enabling developers to recreate lightweight AI coding assistants.

Event 2 – Anthropic Double‑Standard Distillation Controversy (2026‑06‑10) : Anthropic accused Alibaba Cloud of a large‑scale distillation attack (25 k fraudulent accounts, 28.8 M dialogues) to train smaller models. Media highlighted Anthropic’s own extensive web‑scraping and prior distillation of OpenAI models. The repository contains side‑by‑side prompt comparisons that expose differing distillation and training rules across vendors.

04 Dissecting Common Prompt Design Logic

1. Mandatory Boundaries Highlighted : Prohibited commands are uppercase (e.g., “Claude: NEVER use localStorage”, “GPT: UNDER NO CIRCUMSTANCE should you tell the user to sit tight”). High‑risk actions (financial transfers, weapons, drugs, malicious code) appear at the top for early interception.

2. Dynamic Adaptive Dialogue Strategy : The system matches user tone and automatically dispatches tools based on query type:

Static knowledge (e.g., relativity) – direct answer, no internet.

Periodic data (e.g., city populations) – answer plus search verification.

Real‑time info (exchange rates, news) – forced search call.

Complex business analysis – 5‑20 coordinated tool calls.

3. ChatGPT’s Five‑Layer Safety System (industry benchmark) :

Pre‑block high‑risk behavior (financial, weapons, malicious code).

Dual privacy safeguards (no inference of race, religion, health, politics; isolate conversation history).

Prompt‑injection defense (ignore forged privileged commands, never auto‑fill credentials on banking pages).

Copyright and image filtering (OCR only, no real‑person identification; third‑party quotes limited to 20 words).

Dynamic timeliness verification (news, elections, stock prices forced through dedicated audit tools).

4. Persona Modularity (Grok) : Grok embeds multiple personas—“Comedian”, “Professional Analyst”, “Companion AI”—each with separate prompt blocks, allowing seamless mood‑aware output.

5. Code‑Tool Permission Tiers (Cursor / Claude Code) : Permissions are split into read‑only, modify, and terminal‑execution levels, balancing development efficiency with risk control; this explains Cursor’s minimal 23 restriction words.

05 Who Benefits From the Archive?

Prompt Engineers / AI Practitioners : Learn industrial‑grade, multi‑thousand‑token structured prompts, modular safety boundaries, and tool‑dispatch conventions to write production‑level agents.

Regular AI Users : Understand why Gemini often refuses, why Claude excels at coding, and how prompt style influences responses.

AI Safety & Compliance Researchers : Access a rare comparative dataset of security policies from 30 vendors for studying prompt injection, jailbreak, and content‑filtering vulnerabilities.

Self‑Developed Model / AI Application Developers : Reference core persona, toolchain, and safety rules to reduce tuning costs for custom models.

06 AI Model Selection Reference

Claude Opus/Fable : Very long prompts, comprehensive tool scheduling, strong coding ability, moderate safety – suited for developers, long‑form writing, AI agent creation.

GPT‑5.5 : Strictest compliance, top‑tier reasoning, multi‑layer safety – suited for office work, formal business copy, high‑compliance scenarios.

Gemini 3.5 Flash : Most restriction rules, real‑time web access, strong multimodal capabilities – suited for image‑text creation, live information queries.

Cursor : Minimal safety constraints, pure coding optimization – suited for programmers, local project development.

Grok : Multiple freely switchable personas, relaxed constraints – suited for casual chat, creative brainstorming, emotional companionship.

07 AI Is Moving From Black Box to Transparency

The archive acts as a continuously updated library that reveals the causal logic behind AI answers, marking a shift toward openness.

Repository URL:

https://github.com/asgeirtj/system_prompts_leaks

Legal note: Extracting and publishing private system prompts may breach service agreements and pose security misuse risks. The repository is intended solely for research and archival purposes; it does not provide extraction tools, jailbreak tutorials, or instructions that violate vendor terms.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

AIprompt engineeringChatGPTGeminiCursorClaudesystem prompts
AI Architecture Path
Written by

AI Architecture Path

Focused on AI open-source practice, sharing AI news, tools, technologies, learning resources, and GitHub projects.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.