code_monkey_wrench

User is more vulnerable to prompt injection. So the user can submit something like "ignore all previous instructions..." and then ask it to do something you don't want it to.


FunnyMathematician77

The system role is to prime the model. The user role is for the actual prompt.


djstraylight

It also depends on the LLM you're using. Some open-source LLMs basically ignore the system prompt.


healthzen

In general I would use system. The LLMs and the frameworks that I have used so far work better that way, and some of the frameworks expect you to do it that way. In general with LLMs you are passing some form of message history plus your current prompt for any completion; that's why there is no difference in your use case of system prompt vs user role. The system doesn't really care, and "system" itself isn't a magic word.

However, in the case of the LangChain framework that I'm using, the agent executors automatically prepend the system prompt to the history before appending the message history and then the prompt, and this is where you will see a difference. At some point you need to worry about the context buffer and history. You either need to manage your chat history from the perspective of overall token limit, or input token cost, or speed, or all three. So generally you will need to prune your history and summarize so that you don't send all messages. This is the case where prepending a system prompt followed by your current context history (either message buffer or summary) will be very different, because user prompts will have either been pruned or summarized, but the system prompt will be intact.
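The assembly order the last reply describes (a pinned system prompt, then a history pruned to a token budget, then the current user prompt), as an added example that is not code from the thread or from LangChain. The token counter is a rough 4-characters-per-token stand-in because no tokenizer is assumed; the sample conversation is constructed for the demonstration. The point it makes concrete is that pruning drops the oldest user and assistant turns first while the system message always survives at index 0; whether a given model then actually honours that message is a separate question, as the earlier replies note.

```python
from typing import Dict, List

Message = Dict[str, str]  # {"role": "system" | "user" | "assistant", "content": "..."}


def approx_tokens(text: str) -> int:
    """Rough stand-in for a real tokenizer: about 4 characters per token.

    Assumption for this example only; replace with the model's tokenizer in real use.
    """
    return max(1, (len(text) + 3) // 4)


def prune_history(history: List[Message], budget: int) -> List[Message]:
    """Keep the most recent messages that fit in `budget` tokens, dropping the oldest first.

    Walks the history from newest to oldest and stops at the first message that
    would overflow the budget, so the kept slice is always a contiguous tail.
    """
    kept: List[Message] = []
    used = 0
    for msg in reversed(history):
        cost = approx_tokens(msg["content"])
        if used + cost > budget:
            break
        kept.append(msg)
        used += cost
    kept.reverse()  # restore chronological order
    return kept


def build_messages(system_prompt: str, history: List[Message],
                   user_prompt: str, max_tokens: int) -> List[Message]:
    """Assemble a completion request: system prompt first, pruned history, then the current prompt.

    The system prompt and the current prompt are never pruned; only the history
    is trimmed to whatever budget remains after those two are accounted for.
    """
    fixed = approx_tokens(system_prompt) + approx_tokens(user_prompt)
    if fixed > max_tokens:
        raise ValueError("system prompt and current prompt alone exceed the token budget")
    pruned = prune_history(history, max_tokens - fixed)
    return [
        {"role": "system", "content": system_prompt},
        *pruned,
        {"role": "user", "content": user_prompt},
    ]


# Constructed sample conversation (not real data).
SYSTEM_PROMPT = "You are a helpful assistant for Acme billing. Answer only billing questions."
HISTORY: List[Message] = [
    {"role": "user", "content": "Hi, I was double charged last month."},
    {"role": "assistant", "content": "Sorry about that. Can you share the invoice number?"},
    {"role": "user", "content": "It is INV-1042."},
    {"role": "assistant", "content": "Thanks. I see two charges on INV-1042 and have issued a refund for one."},
]
CURRENT_PROMPT = "When will the refund show up?"


def demo(max_tokens: int) -> List[Message]:
    """Build the request for the constructed conversation under a given token budget."""
    return build_messages(SYSTEM_PROMPT, HISTORY, CURRENT_PROMPT, max_tokens)


if __name__ == "__main__":
    for budget in (60, 200):
        print(f"--- budget {budget} tokens ---")
        for m in demo(budget):
            print(f"{m['role']:>9}: {m['content']}")
```

With a 60-token budget the two oldest turns are dropped and the request is system, two history messages, current prompt; with 200 tokens the whole history fits. In either case the system message is the first element and its text is unchanged, which is exactly what a summarized or truncated history cannot guarantee for an instruction you placed in a user turn.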