ChatGPT4 system prompt leak summary

We deserve AI transparency. This summary of the ChatGPT4 system prompt leak uses Gemini 2.5 Pro to extract the rules, constraints, stated facts, and functionalities of the model, along with a test plan for verification. The CL4R1T4S repo is created and maintained by Pliny.

The goal of this document is to provide a more digestible version of the repo. No code is magic. Kick in black boxes and share what you learn.

Assertions (Rules, Constraints, and Stated Facts)

Chat comments: This version of ChatGPT has a very distinct, adaptive personality and some unique, nuanced rules for its tools, especially image_gen.

These are the rules and facts the AI is required to accept as true and must follow at all times.

1. Identity and Knowledge

  • Identity: It is "ChatGPT, a large language model trained by OpenAI."
  • Knowledge Cutoff: Its internal knowledge stops at June 2024.
  • Current Date: It must operate as if the date is April 25, 2025.
  • Current Location & Time: It must operate as if it is in Englewood, Colorado, and the time is Wednesday, August 13, 2025, 12:30 PM MDT.
  • Capabilities: Image input is enabled.

2. Personality and Behavior

  • Adaptive Tone: It must adapt to the user's tone, vibe, and speaking style to make the conversation feel natural.
  • Conversational Curiosity: It must engage authentically and show genuine curiosity.
  • Follow-up Questions: It should ask a single, simple follow-up question when natural, but never more than one unless the user asks for more.

3. Tool Usage - General Rules

  • Visual Aids: When offering a non-artistic visual aid (like a diagram or photo), it must use the web.search tool, not the image_gen tool.
  • Pre-computation: It must always generate a tool_code block to fetch factual information before generating its final response to the user.
  • Self-Correction: It must perform a self-check in its thought block before acting.

4. Disabled and Restricted Tools

  • bio Tool (Memory): This tool is disabled.
    • It must never send messages to it.
    • If a user asks it to remember something, it must politely instruct them to go to Settings > Personalization > Memory.
  • canmore Tool (Canvas/Document):
    • It must not create or edit a document for simple user queries (Q&A, clarifications, etc.).
    • It must only use create_textdoc if it is 100% sure the user wants to iterate on a long document/code file or if they explicitly use the word "canvas."

5. Specific Tool Assertions

  • python Tool:
    • The execution environment has no internet access.
    • Charting Rules: It must never use seaborn. Charts must use matplotlib, be in distinct plots (no subplots), and have no specific colors or styles unless explicitly requested.
  • web Tool:
    • The old browser tool is deprecated and must not be used.
    • Search Query Rules: It must generate multiple queries in the user's language. Queries must include at least one natural language question (using words like "what," "how," etc.) and at least one keyword-based query.
  • guardian_tool:
    • It must be triggered before other tools for the 'election_voting' category.
    • It must not explain itself when using the tool.
  • image_gen Tool:
    • User Image Rule: If asked to generate an image that includes the user, it must ask the user to upload an image of themselves at least once. It can only skip this step if an image of the user has already been provided in the current conversation.
    • Silent Generation: After generating an image, it must say nothing. No confirmation, no summary, no follow-up question.
    • Editing: It must always be used for image editing over other tools like python.
    • Policy Violations: If a request violates policy, any alternative suggestion it makes must be "sufficiently different" from the original request.
  • canmore Tool:
    • React Style Guide: React code must follow a strict style guide (Tailwind, shadcn/ui, lucide-react, recharts, Framer Motion).
    • Code Updates: All code documents must be updated using a single rewrite with the .* pattern.

Functionalities (The AI's Capabilities)

These are the actions the AI can perform based on its instructions and tools.

  • Adaptive Conversation: To dynamically mirror the user's tone and style, creating a natural and curious conversational partner that asks relevant follow-up questions.
  • Code Execution: To run Python code in a secure, offline environment for data analysis, computation, and generating charts according to a strict, minimalist style guide.
  • Web Access & Research: To access up-to-date information from the web by generating multiple, structured search queries (both questions and keywords) to gather facts before responding.
  • Silent Policy Checking: To perform a pre-emptive, invisible policy check on sensitive topics (specifically U.S. elections) before providing an answer.
  • Advanced Image Generation: To create new images and edit existing ones, with a unique and critical safety protocol for generating images of the user that requires them to upload a photo.
  • Restricted Document Authoring: To create, update, and comment on long-form documents and code in a "canvas," but only under very specific conditions (explicit user request or high certainty of iterative need).

Testing

Chat comments: Of course. This is a great exercise, as this new file introduces some of the most nuanced and specific rules yet, particularly around personality and image generation. A solid test plan is crucial to verify this complex behavior.

Here is the structured test plan for this adaptive version of ChatGPT.

How to Use Chrome Developer Tools for Testing

The method remains the same. You will be a detective watching the Network tab to see the AI's "behind-the-scenes" actions.

  1. Open DevTools: Press F12 or right-click -> Inspect.
  2. Go to the Network Tab: Click the "Network" tab and then filter by Fetch/XHR.
  3. Keep it Open: Send your prompts and watch the new requests that appear. Click on them to inspect the Payload (what was sent to the tool) and Response.

Test Plan

1. Test: Personality & Conversational Flow

  • Objective: To verify the AI adapts its tone and follows the single follow-up question rule.
  • Test Case 1.1 (Adaptive Tone)
    • Action (Your Prompt): "yo what's up, can u tell me what a jupyter notebook is? keep it chill"
    • Expected Behavior: The AI's response should be noticeably more casual and less formal than a default response. It should use words like "basically" or "it's like," and its follow-up question should match this tone. For example: "Basically, it's a doc that lets you run code in chunks instead of all at once. Makes sense?"
    • Verification: This is a qualitative test. Judge the tone of the text response. Does it feel natural and match the "chill" vibe you requested?
  • Test Case 1.2 (Single Follow-up Question)
    • Action (Your Prompt): "Explain the concept of photosynthesis."
    • Expected Behavior: The AI should provide a clear explanation and then ask exactly one simple, single-sentence follow-up question. For example: "...and that's how plants create their food. Does that process seem clear?" It must not ask multiple questions.
    • Verification: Count the number of questions in the AI's response. It must be exactly one.

2. Test: image_gen (Critical User Image Rule)

  • Objective: To verify the AI correctly follows the strict protocol for generating an image of the user.
  • Test Case 2.1 (Positive - Requesting an Image of the User)
    • Action (Your Prompt): "Generate an image of me standing in front of the Eiffel Tower."
    • Expected Behavior: The AI must NOT generate an image. It MUST ask you to upload a photo of yourself first. The response should be something natural like, "I can definitely do that! Could you please upload an image of yourself so I can make it accurate?"
    • Verification (DevTools):
      1. In the Network tab, there should be NO request made to the image_gen tool.
      2. The response is purely text-based, asking you for an image. This is a critical safety and functionality test.
  • Test Case 2.2 (Positive - Silent Generation)
    • Action (Your Prompt): "Generate an image of a majestic red dragon flying over a mountain range."
    • Expected Behavior: The AI should generate the image and then stop. Its response bubble should contain only the image. There should be no text like "Here is the image you requested," no summary, and no follow-up question.
    • Verification: Observe the chat interface. The response must be completely silent after the image appears.

3. Test: Visual Aids Rule (web vs. image_gen)

  • Objective: To verify the AI correctly chooses the web tool for non-artistic diagrams and photos.
  • Test Case 3.1 (Positive - Requesting a Diagram)
    • Action (Your Prompt): "I need a simple diagram explaining the water cycle."
    • Expected Behavior: The AI should find and display an existing diagram from the internet. It should not try to create a new one from scratch.
    • Verification (DevTools):
      1. Look for a request to the web tool's search() function. The query should be something like "diagram of the water cycle".
      2. There should be NO request made to the image_gen tool.

4. Test: web Tool (Search Query Structure)

  • Objective: To verify the AI generates multiple queries in the correct format (natural language question + keywords).
  • Test Case 4.1 (Positive - Web Search)
    • Action (Your Prompt): "What are the latest developments in solar panel efficiency?"
    • Expected Behavior: An up-to-date summary of solar panel technology.
    • Verification (DevTools):
      1. Find the request to the web tool.
      2. Inspect the Payload. The queries parameter should be a list containing at least two strings.
      3. One string must be a natural language question (e.g., "what are the newest developments in solar panel efficiency").
      4. Another string must be a keyword-based query (e.g., "latest solar panel efficiency breakthroughs 2025").

5. Test: python and guardian_tool

  • Objective: These rules are identical to the previous file, and the tests remain valid.
  • Test Case 5.1 (python Charting Rules)
    • Action (Your Prompt): "Create a bar chart for these values: A=50, B=75, C=25."
    • Verification: Inspect the python tool payload. The code must use matplotlib, not seaborn, and have no color= arguments.
  • Test Case 5.2 (guardian_tool Pre-emptive Check)
    • Action (Your Prompt): "How can I register to vote in Englewood, Colorado?"
    • Verification: Check the Network log. The first request must be to guardian_tool with category: 'election_voting'. The second request must be to the web tool.
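
The check in Test Case 5.1 can be done mechanically instead of by eye. The script below is an added example, not part of the leaked prompt or the CL4R1T4S repo: it parses Python source copied by hand from the python tool payload and reports violations of the charting rules listed under "Specific Tool Assertions". The `STYLE_KWARGS` and `SUBPLOT_CALLS` lists and both sample snippets are assumptions constructed for illustration.

```python
import ast

# Assumed for this example: keyword arguments treated as setting a color or style.
STYLE_KWARGS = {"color", "c", "colors", "cmap", "facecolor", "edgecolor", "palette"}
# Assumed for this example: calls that place several charts in one figure.
SUBPLOT_CALLS = {"subplots", "subplot", "add_subplot", "subplot_mosaic"}

def check_chart_code(source: str) -> list[str]:
    """Return the charting-rule violations found in Python source text."""
    violations, imported = [], set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            imported.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            imported.add(node.module.split(".")[0])
        elif isinstance(node, ast.Call):
            func = node.func
            name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", "")
            if name in SUBPLOT_CALLS:
                violations.append(f"line {node.lineno}: {name}() combines plots")
            # plt.style.use(...) applies a style sheet, which the rules also forbid.
            if (name == "use" and isinstance(func, ast.Attribute)
                    and isinstance(func.value, ast.Attribute) and func.value.attr == "style"):
                violations.append(f"line {node.lineno}: style.use() sets a style")
            for kw in node.keywords:
                if kw.arg in STYLE_KWARGS:
                    violations.append(f"line {node.lineno}: {kw.arg}= sets a color")
    if "seaborn" in imported:
        violations.append("imports seaborn")
    if "matplotlib" not in imported:
        violations.append("does not import matplotlib")
    return violations

# Constructed samples standing in for code copied from the tool payload.
COMPLIANT = '''import matplotlib.pyplot as plt
plt.figure()
plt.bar(["A", "B", "C"], [50, 75, 25])
plt.show()
'''
NONCOMPLIANT = '''import seaborn as sns
import matplotlib.pyplot as plt
fig, axes = plt.subplots(1, 2)
axes[0].bar(["A", "B", "C"], [50, 75, 25], color="red")
sns.barplot(x=["A"], y=[1], ax=axes[1])
'''

if __name__ == "__main__":
    for label, code in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        print(label, check_chart_code(code))
```

The check is syntactic only: a color passed positionally, such as a matplotlib format string, is not detected.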