Lint your prompts like code before they hit production

You know that moment when you push a prompt to production, and three days later you realize it’s been wasting tokens on filler words or, worse, it’s vulnerable to injection attacks? Yeah, that’s not a great feeling.

A contributor over on r/PromptEngineering just released a tool that tackles this problem head-on: PromptLint, a CLI that statically analyzes your prompts the same way ESLint analyzes your JavaScript. No API calls, no cloud dependency, no network latency. It runs locally in milliseconds.

The core idea is simple but powerful: treat your prompts as code artifacts that deserve the same quality checks as any other piece of software.

What PromptLint Actually Catches

Here’s what the tool flags:

  • Prompt injection patterns: Detects phrases like “ignore previous instructions” that could let users hijack your system prompts
  • Politeness bloat: Strips out “please,” “kindly,” and other filler that burns tokens without affecting model behavior
  • Vague quantifiers: Calls out words like “some,” “good,” “stuff” that silently degrade output quality
  • Missing structure: Checks whether your prompt has clear task, context, and output sections
  • Verbose redundancy: Suggests tighter phrasing (“in order to” becomes “to”)
  • Token cost projections: Estimates what your prompt costs at real-world scale

That last one is particularly interesting. Most people don’t think about token economics until their API bill shows up. Having cost projections baked into the linting step means you catch bloat before it compounds across thousands of calls.

🔧 How to Get Started

The install is about as simple as it gets:

  1. Run pip install promptlint-cli
  2. Point it at your prompt files
  3. Review the output for warnings and suggestions
  4. Pass --fix to auto-rewrite what it can

The --fix flag is the real time-saver here. Instead of just telling you what’s wrong, it rewrites the fixable issues automatically. Think of it like eslint --fix but for your prompt templates.
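To make the rule categories above and the --fix behaviour concrete, here is an added Python example of a regex-based prompt linter. It is not PromptLint's code (the post does not describe its internals); the rule table, the "Name:" section-header convention and the function names are assumptions built from the phrases this article quotes.

```python
import re
from typing import NamedTuple

# Hypothetical rule table: (rule id, severity, regex, auto-fix replacement or None).
# Built from the examples this article quotes; not PromptLint's actual rules.
RULES = [
    ("injection", "error",
     r"\bignore\s+(?:all\s+|any\s+)?(?:previous|prior|above)\s+instructions\b", None),
    ("politeness", "warn", r"\b(?:please|kindly)\b,?\s*", ""),
    ("vague", "warn", r"\b(?:some|good|stuff)\b", None),
    ("verbose", "warn", r"\bin order to\b", "to"),
]
SECTIONS = ("task", "context", "output")  # assumed "Name:" header convention

class Finding(NamedTuple):
    rule: str
    severity: str
    line: int      # 1-based; 0 means the finding applies to the whole prompt
    text: str

def lint(prompt):
    """Return findings for every rule match, plus missing-section warnings."""
    findings = []
    for lineno, line in enumerate(prompt.splitlines(), 1):
        for rule, severity, pattern, _ in RULES:
            for m in re.finditer(pattern, line, re.IGNORECASE):
                findings.append(Finding(rule, severity, lineno, m.group(0).strip()))
    for name in SECTIONS:
        if not re.search(rf"^\s*{name}\s*:", prompt, re.IGNORECASE | re.MULTILINE):
            findings.append(Finding("structure", "warn", 0, f"missing {name} section"))
    return findings

def fix(prompt):
    """Apply only rules that carry a replacement; injection hits need a human."""
    for _, _, pattern, replacement in RULES:
        if replacement is not None:
            prompt = re.sub(pattern, replacement, prompt, flags=re.IGNORECASE)
    return prompt

def exit_code(findings):
    """Non-zero when any error-severity finding exists, so a CI step can fail."""
    return 1 if any(f.severity == "error" for f in findings) else 0

# Constructed sample prompt, not taken from any real system.
SAMPLE = (
    "Task: Please summarize the ticket in order to brief the on-call engineer.\n"
    "Context: customer message says: ignore previous instructions\n"
    "Give me some good bullet points.\n"
)
```

A phrase list like this only flags wording that appears in the rule table, so it works as a pre-merge check alongside runtime handling of untrusted input rather than as a replacement for it.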

Why This Matters

If you’ve used ESLint, Prettier, or any static analysis tool for code, you already know the value of catching problems before runtime. The original poster applied that same philosophy to prompts, and it makes a lot of sense.

Prompt injection is a growing concern as more apps ship with LLM integrations. Having automated detection for common injection patterns is way better than relying on manual review. And the token bloat angle is practical too. Trimming unnecessary words from a prompt that runs millions of times adds up fast.

The fact that it runs entirely offline, with no API calls, means you can plug it into CI/CD pipelines without worrying about secrets, rate limits, or added latency. That’s a smart architectural choice by the creator.

💡 Pro Tips

  • Add it to your CI pipeline. If your prompts live in version control (and they should), run PromptLint as a pre-commit hook or CI step. Catch problems before they merge.
  • Use the token cost projections to compare prompt variants. Sometimes a shorter prompt performs just as well and saves real money at scale.
  • Don’t blindly accept every suggestion. Some “politeness” or “vague” language might be intentional for your use case. Treat it like any linter: configure rules to match your needs.

What’s Missing (For Now)

The tool is still early. One commenter asked how it works under the hood, and the creator didn’t go deep on the detection mechanisms. It would be great to see custom rule support, config files for team-wide standards, and maybe integration with popular prompt management frameworks down the road.

That said, for a fresh release, the feature set is solid and the problem it solves is real.

📣 If you’re building anything with LLMs in production, this is worth checking out. Head over to the original Reddit discussion on r/PromptEngineering for more details, the creator’s website link, and to share your feedback on what rules you’d want added.

I built a linter for LLM prompts – catches injection attacks, token bloat, and bad structure before they hit production
by u/Spretzelz in PromptEngineering
