| Awareness of the prompt engineering term and why it’s used to shape model behavior and outputs. |
Understanding the purpose/scope of prompt engineering and how prompts influence model behavior. |
Awareness of core components (role, context, instructions). |
| Awareness that prompts should be structured. |
Understanding the role, context, and instructions purposes in prompts. |
Awareness of more advanced components: audience, output format, and constraints. |
| Awareness of frameworks as instance. |
Understanding the difference between prompts with and without frameworks. |
Awareness of the importance of using different frameworks for different tasks. Understanding at least three different frameworks. |
| Awareness of the difference between system and user prompts in examples. |
Understanding when and why to use system vs user prompts to guide LLM behavior. Understanding the distinction between application-level system prompts and model-level system prompts. |
Ability to explain how to design system prompts and user prompts that complement each other and prevent conflicts in multi-turn conversations. Ability to explain how to design robust and sophisticated prompts to prevent attempts to override system instructions by user prompts. |
| Awareness that LLM can format output. |
Understanding LLM output format capabilities and limitations, including which format type LLM can generate and which it cannot. Awareness that adding specific formatting examples to input data will influence the output format. |
Awareness of proprietary formats that particular LLMs generate well. |
| Awareness that LLMs can process input data in different formats (JSON, XML, CSV, etc.). |
Understanding the prompt structure to explain to the LLM how to process structured data. |
Awareness of which input data format is more efficient for particular LLMs and tasks. |
| Awareness that LLM behavior can be customized using different parameters (alongside prompts). Understanding temperature and max tokens and their visible effects. |
Awareness of advanced parameters by name and purpose (top-p, top-k, presence/frequency penalties, stop sequences). Awareness that advanced parameters can be set through API. |
Ability to explain each parameter’s function (temperature, max tokens, top-p, top-k, presence/frequency penalties, stop sequences) and when to use it. |
| Awareness of the typical tuning cycle. Awareness that prompt tuning is iterative process. |
Understanding an iterative prompt tuning workflow (measure → adjust → compare) with examples. |
Ability to explain how to use evidence and metrics to refine prompts. |
| Awareness of the existence of different approaches for prompting to achieve better outcomes. Awareness of zero-shot vs few-shot from examples. |
Understanding when to use zero-shot vs. few-shot prompting, including their benefits and limitations. Awareness of Chain-of-Thought (CoT) and prompt chaining techniques from examples. |
In-depth understanding of how Chain-of-Thought (CoT) and prompt chaining work, when to use them, and their benefits and limitations. Awareness of which prompt technique yields better results (with less effort) for particular tasks. |
| Awareness that models hallucinate and outputs can reflect biases. |
Awareness that hallucinations and biases can be addressed with appropriate strategies. Ability to identify hallucinations and biases in outputs. |
Understanding strategies to reduce hallucinations and bias in LLM outputs. |
| Awareness of data protection and security principles, including what must not be shared with LLM tools. Awareness of what steps need to be taken to obtain permission to use LLM. |
Awareness of common OWASP-10 vulnerabilities in prompts/outputs, such as prompt injection, jailbreak attacks, sensitive information disclosure, overreliance, insecure output handling, logging/sharing exposure, insecure plugin/tool use/excessive permissions, data poisoning via RAG/context, multimodal payloads. |
In-depth understanding of common OWASP-10 vulnerabilities in prompts/outputs, such as prompt injection, jailbreak attacks, sensitive information disclosure, overreliance, insecure output handling, logging/sharing exposure, insecure plugin/tool use/excessive permissions, data poisoning via RAG/context, multimodal payloads. |