An Empirically-grounded tool for Automatic Prompt Linting and Repair: A Case Study on Bias, Vulnerability, and Optimization in Developer Prompts
Dhia Elhaq Rzig, Dhruba Jyoti Paul, Kaiser Pister, Jordan Henkel, Foyzul Hassan
TL;DR
This work presents PromptDoctor, a tool and methodology for automatically linting Dev Prompts—natural-language prompts embedded in code—targeting bias, prompt injection vulnerability, and sub-optimal performance in LLM-enhanced software. Through a large-scale empirical study on prompts mined from OSS projects, the authors quantify bias and vulnerability prevalence, and demonstrate substantial remediation and optimization gains via generation-evaluation loops, including a VSCode extension for real-world integration. The approach relies on canonicalizing prompts, patching holes with synthetic values, and iterative rewriting to produce de-biased, hardened, and optimized prompts without fine-tuning underlying LLMs. Overall, the work highlights a new class of software artifacts—Dev Prompts—and offers practical tooling and empirical guidance to improve their reliability and safety in production systems.
Abstract
The tidal wave of advancements in Large Language Models (LLMs) has led to their swift integration into application-level logic. Many software systems now use prompts to interact with these black-box models, combining natural language with dynamic values interpolated at runtime, to perform tasks ranging from sentiment analysis to question answering. Due to the programmatic and structured natural language aspects of these prompts, we refer to them as Developer Prompts. Unlike traditional software artifacts, Dev Prompts blend natural language instructions with artificial languages such as programming and markup languages, thus requiring specialized tools for analysis, distinct from classical software evaluation methods. In response to this need, we introduce PromptDoctor, a tool explicitly designed to detect and correct issues of Dev Prompts. PromptDoctor identifies and addresses problems related to bias, vulnerability, and sub-optimal performance in Dev Prompts, helping mitigate their possible harms. In our analysis of 2,173 Dev Prompts, selected as a representative sample of 40,573 Dev Prompts, we found that 3.46% contained one or more forms of bias, 10.75% were vulnerable to prompt injection attacks. Additionally, 3,310 were amenable to automated prompt optimization. To address these issues, we applied PromptDoctor to the flawed Dev Prompts we discovered. PromptDoctor de-biased 68.29% of the biased Dev Prompts, hardened 41.81% of the vulnerable Dev Prompts, and improved the performance of 37.1% sub-optimal Dev Prompts. Finally, we developed a PromptDoctor VSCode extension, enabling developers to easily enhance Dev Prompts in their existing development workflows. The data and source code for this work are available at
