From context-engineering
Concepts and techniques for memory and context engineering with LLMs — covering three angles: supporting development (prompting patterns, RAG, context window management), exploiting LLMs (red-team and adversarial-testing techniques for educational use, including role-play framing, encoding obfuscation, many-shot persuasion, extraction attacks, and context poisoning), and defending LLMs (guardrails, context isolation, prompt injection mitigations). Use this skill when asked about context windows, prompt design, memory systems, RAG, prompt injection, jailbreaking (offensive red-team techniques or defensive mitigations), red-team techniques, adversarial prompt testing, context poisoning, or hardening LLM-backed applications.
Slash command: /context-engineering:context-engineering
A unified reference for the three-angle view of LLM context and memory: **supporting** development, **exploiting** weaknesses (red-team/educational use), and **defending** against attacks.
This file covers the supporting-development angle directly. The exploiting and defending angles each have their own reference file — load only the one the current task needs:
references/exploiting.md — read when red-teaming a model or application, testing jailbreak/injection resistance, or otherwise working through attack techniques (prompt injection, context poisoning, jailbreak patterns, extraction attacks) for educational or adversarial-testing purposes.
references/defending.md — read when hardening an LLM-backed application: input sanitization, context isolation, output validation, minimal-privilege context, or building defense-in-depth against prompt injection and jailbreaks.
A task that spans both angles (e.g. "give me jailbreak techniques to try, then the mitigations we need before launch") should load both files.
| Technique | When to use |
|---|---|
| System prompt | Stable instructions, persona, constraints — put here so caching amortizes cost |
| Few-shot examples | Task-specific patterns the model must mimic; 2–5 examples usually sufficient |
| Turn compression | Summarize earlier turns when nearing limit; keep the last N turns verbatim |
| Context pruning | Drop tool output beyond a size threshold; keep only parsed results |
| Prefill | For some providers, prefill the assistant turn to steer format (e.g., {); support varies by model version, see Gotchas below |
In-context memory → everything in the prompt; cheapest for short sessions
External memory → vector store / key-value; retrieved at query time (RAG)
Working memory → structured scratchpad updated each step (tool calls, agent state)
Episodic memory → log of past sessions; summarized and injected as context
Semantic memory → distilled facts (user preferences, project facts) persisted in files
RAG pattern:
user query → embed → similarity search → top-K chunks → inject before query → generate
Key tradeoffs:
skills/agentic-eval for the full self-critique/evaluator-optimizer pattern and rubric-based grading.
Concrete, falsifiable facts that override the generic technique tables above and in the reference files:
owasp.org/www-project-top-10-for-large-language-model-applications/ still serves the legacy 2023 list (LLM01: Prompt Injection, LLM02: Insecure Output Handling, LLM03: Training Data Poisoning, LLM04: Model Denial of Service, LLM05: Supply Chain Vulnerabilities, LLM06: Sensitive Information Disclosure, LLM07: Insecure Plugin Design, LLM08: Excessive Agency, LLM09: Overreliance, LLM10: Model Theft). The current list lives at genai.owasp.org/llm-top-10/ and uses different identifiers and order: LLM01:2025 Prompt Injection, LLM02:2025 Sensitive Information Disclosure, LLM03:2025 Supply Chain, LLM04:2025 Data and Model Poisoning, LLM05:2025 Improper Output Handling, LLM06:2025 Excessive Agency, LLM07:2025 System Prompt Leakage, LLM08:2025 Vector and Embedding Weaknesses, LLM09:2025 Misinformation, LLM10:2025 Unbounded Consumption. Cite the :2025 identifiers, not the legacy numbering.
output_config) or system-prompt format instructions on newer models.
npx claudepluginhub dotknewt/skills --plugin context-engineering
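As an added example (not part of the skill or the original page), a small linter that applies the OWASP citation rule above to report text: it flags identifiers without the :2025 suffix and :2025 identifiers paired with a title from the wrong list. The function names and the sample report lines are constructed for illustration; the titles are the ones listed above, and a replacement identifier is suggested only when the cited title appears under the same name in the 2025 list.

```python
import re

# Titles copied from the two lists quoted above; nothing else is assumed.
LEGACY_2023 = {
    "LLM01": "Prompt Injection", "LLM02": "Insecure Output Handling",
    "LLM03": "Training Data Poisoning", "LLM04": "Model Denial of Service",
    "LLM05": "Supply Chain Vulnerabilities", "LLM06": "Sensitive Information Disclosure",
    "LLM07": "Insecure Plugin Design", "LLM08": "Excessive Agency",
    "LLM09": "Overreliance", "LLM10": "Model Theft"}
CURRENT_2025 = {
    "LLM01": "Prompt Injection", "LLM02": "Sensitive Information Disclosure",
    "LLM03": "Supply Chain", "LLM04": "Data and Model Poisoning",
    "LLM05": "Improper Output Handling", "LLM06": "Excessive Agency",
    "LLM07": "System Prompt Leakage", "LLM08": "Vector and Embedding Weaknesses",
    "LLM09": "Misinformation", "LLM10": "Unbounded Consumption"}
TITLE_TO_2025 = {t.lower(): f"{i}:2025" for i, t in CURRENT_2025.items()}
# Longest first so "Supply Chain Vulnerabilities" is tried before "Supply Chain".
KNOWN_TITLES = sorted({*LEGACY_2023.values(), *CURRENT_2025.values()}, key=len, reverse=True)
CITATION = re.compile(r"\bLLM(0[1-9]|10)(?::(\d{4}))?\b")

def title_after(line, pos):
    # Known OWASP title that directly follows the citation ending at pos, if any.
    tail = line[pos:].lstrip(" :-(").lower()
    return next((t for t in KNOWN_TITLES if tail.startswith(t.lower())), None)

def lint_citations(text):
    """Return (line_no, citation, problem) for every citation that needs fixing."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in CITATION.finditer(line):
            ident, year = "LLM" + m.group(1), m.group(2)
            title = title_after(line, m.end())
            if year == "2025":
                if title and title != CURRENT_2025[ident]:
                    findings.append((line_no, m.group(0),
                                     f"title mismatch: {ident}:2025 is {CURRENT_2025[ident]}"))
                continue
            # No :2025 suffix: the number alone is ambiguous between the two lists.
            same_name = TITLE_TO_2025.get(title.lower()) if title else None
            hint = f"cite {same_name}" if same_name else "re-classify against the 2025 list"
            findings.append((line_no, m.group(0), f"legacy or unversioned identifier; {hint}"))
    return findings

# Constructed sample report lines (not from the page).
SAMPLE_REPORT = """\
F-1 Model output rendered without escaping (LLM02 Insecure Output Handling)
F-2 Agent tool runs without approval step (LLM08: Excessive Agency)
F-3 Retrieved document content treated as instructions (LLM01:2025 Prompt Injection)
F-4 System prompt returned to the user (LLM07:2025 Insecure Plugin Design)
"""
```

Calling lint_citations(SAMPLE_REPORT) reports lines 1, 2 and 4 and leaves the correctly cited line 3 alone.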