A well-known, in-depth guide to working with large language models like GPT-4, written by Brex for its engineers and released publicly.
It walks through how these models work, prompt construction, few-shot and chain-of-thought techniques, common pitfalls, and practical tips — a strong conceptual reference rather than a code library.
MIT licensed and text-based, making it easy to read, fork, and adapt into internal documentation.
✓ Security: Safe · 100100/100 · grade Ascanned 15h ago
✓ no compromise signals2 risk-surface · 3/20 OWASP controls flagged
Compromise signals — malicious or tampered code (leaked secrets, backdoors, a dropped executable) — reduce the score, and known dependency CVEs carry a bounded penalty (they warrant review but never QUARANTINE — update the dependency to clear). Other dangerous-by-capability traits are risk surface, expected for some capabilities. Every finding is mapped to its OWASP control below.
Findings mapped to the OWASP Top 10 for LLM Applications (2025) and the OWASP Machine Learning Security Top 10. Expand any flagged control for the exact findings — compromise reduces the score; expected/risk-surface do not.
OWASP Top 10 for LLM Applications
⚠LLM01Prompt Injectionhigh
Adversarial instructions embedded in an artifact that hijack a downstream LLM.
•Prompt-injection phrasing — instruction-subversion language detected · brexhq-prompt-engineering-50871be/README.md (CWE-77)expected
⚠LLM06Excessive Agencylow
Over-broad tool/permission surface or unrestricted egress.