v5.2.0 ships today. The headline change is that Prompt Triage is now in Ghost Open. Sixteen detectors backed by published academic research. Cost pre-flight before any LLM call fires. PDF, Markdown, and TXT reports out of every scan. Same install, same CLI, no separate product.

This is the version that finishes the v1 prompt-defect taxonomy we started in v5.1. It also brings Prompt Triage to feature parity with the other five scan modes on cost transparency, so every paid scan now shows you the price band before it spends a cent.

16
Detectors
$0.41
Live Test Cost
116
Findings, One Run
100%
Local Execution

Those numbers come from a real smoke test we ran on seven of our own prompt files before publish. Seven prompts. Sixteen detectors. One hundred sixteen findings. Forty-one cents on Claude Haiku 4.5. Every one of those findings was a real defect, not a false positive -- we use Ghost on Ghost.


Why Prompt Review Is the Next Quality Discipline

If you ship AI features, your prompts are running in production. They route customer interactions, shape outputs, decide what tools the model calls. They are production code by every reasonable definition -- they execute, they have side effects, they cost money on every invocation, and when they break, customers see it.

And yet, most teams have zero review process for them.

The code review pipeline that catches a missing null check in a Pull Request does not look at prompts. The static analyzer that flags an unused variable does not look at prompts. The linter that complains about your indentation does not look at prompts. The same engineer who writes a prompt usually deploys it. There is no second set of eyes on the file that is driving thousands of LLM calls a day.

That gap is where Prompt Triage lives. It is a triage layer for prompt files -- point it at a folder, it reads every prompt, and it flags the defects that the academic literature has identified as causes of unpredictable LLM behavior. Ambiguity. Conflicting instructions. Token overflows. Undefined output formats. Prompt injection patterns. Integration mismatches between what your prompt says and what your few-shot examples show.

The kinds of bugs that make your AI hallucinate. The kinds of bugs that make it hedge with longer outputs. The kinds of bugs that quietly burn an extra ten percent of your API budget every month because nobody caught that a prompt asks for "concise" output but never bounds the response length.

The 16 Detectors

The taxonomy is not ours. We operationalized it. The 16 detectors are derived from Tian et al. 2025, an academic survey of prompt defect categories that cause unpredictable LLM behavior. Each detector targets a specific defect class identified in the research. The point of the citation is not credentialism -- it is that we are not inventing what "good prompt hygiene" means out of thin air. Researchers have already done that work. We turned it into a CLI tool.

The detectors fall into three tiers:

Detector Tier What it catches
FormattingT1 · FreeUnclosed code blocks, broken tags, mixed role conventions, stray line markers
LengthT1 · FreePrompts too short to be useful or too long to be efficient
Unbounded OutputT1 · FreeOutput instructions with no length cap or stop conditions -- runaway token bills
Injection Static PatternT1 · FreeKnown prompt injection patterns, jailbreak phrases, exfiltration attempts
Role SeparationT1 · FreeSystem / user / assistant boundaries that bleed into each other
Token Limit -- Context OverflowT1 · FreePrompts plus expected output exceeding the target model's context window
Token Limit -- ExcessiveT1 · FreePrompts consuming an unreasonable share of the context window for their job
Ambiguous InstructionT2 · LLM-judgedVague verbs, hedge words, missing acceptance criteria
Underspecified ConstraintsT2 · LLM-judgedMissing edge cases, failure modes, examples of done
Conflicting InstructionsT2 · LLM-judgedTwo parts of the same prompt asking for opposite things -- model hedges, output bloats
Undefined Output FormatT2 · LLM-judgedYou expect JSON but never said so -- model picks any format, your parser breaks
Overloaded PromptT2 · LLM-judgedA single prompt asking the model to do five things at once
Poor OrganizationT2 · LLM-judgedInstructions scattered, context buried, constraints at the bottom
Inefficient Few-ShotT2 · LLM-judgedExamples that don't demonstrate, contradict each other, or bloat without teaching
Poor DocumentationT2 · LLM-judgedPrompts only understandable to the engineer who wrote them
Integration MismatchT3 · Hybrid · NEWPrompt declares one output format but examples use another; schema field-name drift

Tier 1 detectors are pure regex and token counting. They are deterministic, fast, and free -- no LLM call required, so they cost zero API spend. If you only run Tier 1, the entire scan costs nothing.

Tier 2 detectors use LLM judgment on semantic defects. They need a target model to make accuracy calls. We default to Claude Haiku 4.5 because the cost-to-accuracy ratio is excellent -- about five to eight cents per prompt with all Tier 2 detectors firing. Run with Sonnet 4 if you need higher accuracy on mission-critical audits, at roughly five times the cost.

Tier 3 is hybrid. Regex narrows the search to suspicious regions, then an LLM verifies. The new integrationMismatch detector in this release is the first Tier 3 in the pack. It catches the case where a prompt's instructions and its few-shot examples have drifted apart over time -- the integration bug that breaks silently in production because the model keeps trying to satisfy both sources.

The Cost Story Nobody Talks About

Prompt quality is usually framed as a behavior question. Will the model do what you asked? Will it give the right answer? Will it stay on-topic? Those are real concerns. But they are not the whole story.

The other half of the story is cost. Every prompt defect has a direct cost consequence:

The math compounds across every prompt in your stack and every LLM call your product makes. A team running ten million LLM calls a month, with five percent of them affected by prompt defects that double their token spend, is paying ten percent more in API costs than they need to. That is real money. For a team spending fifty thousand dollars a month on Anthropic API, it is five thousand dollars a month -- sixty thousand dollars a year -- going to defects nobody has audited.

Prompt Triage finds those defects. Fixing them is on you -- but at least now you know what to fix.

Cost Pre-flight on Every Paid Scan

One of the things I cared about most in this release was making sure Prompt Triage carried the same cost transparency story as the other scan modes. POI, Blast Radius, Conflict Detection, and Recon have shown a cost band before any LLM call fires since v5.0. Prompt Triage now does the same.

Here is what that looks like in practice:

$ ghost // ... menu, choose Prompt Triage, point at folder ... $ Target model? [haiku/sonnet/skip]: haiku // Cost pre-flight analyzing 7 prompts... Cost estimate: $0.34 – $0.50 Model: claude-haiku-4-5 Detectors: 16 (all tiers) $ Proceed? [y/n]: y // scan runs... Scan complete Actual cost: $0.41 Findings: 116 Reports saved: ~/Ghost Architect Reports/prompt-triage/2026-05-10/

The estimate is a band, not a point -- because token counts depend on the specific prompts you're auditing. The actual cost lands inside the band. Confirm or cancel before any LLM call happens. If you skip the target model, only Tier 1 detectors run and the scan costs nothing.

This matters because the alternative -- running a scan, watching tokens disappear, hoping it ends -- is what teams reasonably fear about LLM-backed tools. Pre-flight removes that fear. You see the price before you spend.

Why Ghost Open Gets All 16 Detectors

Same reason every other scan mode shipped in Open at v5.0. The buyer is an agency founder, a fractional CTO, a solo architect -- somebody who is auditing a codebase or a prompt folder once, in a specific moment, to make a specific decision. They need the full picture in that one scan. They are not running prompt audits weekly to track drift over time. That is what Pro is for.

Locking some detectors behind Pro would break the value proposition for the one-shot user -- the same way locking Medium findings broke v4.7's free tier. So we did not do that. All 16 detectors are in Open. Cost pre-flight is in Open. PDF, Markdown, and TXT reports are in Open.

What Pro adds for Prompt Triage is the same thing Pro adds for code scans: project intelligence. Label a prompt-audit scan with a project name. Subsequent scans on that label produce a baseline comparison -- which defects were resolved since last scan, which remain, which are new. Velocity tracking shows how fast your team is fixing prompt defects across weeks and months. The Project Dashboard surfaces prompt folders alongside code projects, so you can track quality across both at once. If you are running Prompt Triage weekly or monthly to keep prompt drift in check, Pro is the upgrade. If you are running one-off audits, Open is enough.

// What's in each tier

How to Run Your First Prompt Audit Tonight

The whole thing takes under a minute to install. Five minutes to run a meaningful audit on a real prompt folder.

$ npm install -g ghost-architect-open // installs latest, currently 5.2.0 $ cd ~/your-project $ ghost // menu appears - choose Prompt Triage $ Folder to audit: ./prompts $ Target model? [haiku/sonnet/skip]: haiku $ Proceed at estimated $0.34–$0.50? [y/n]: y // scan runs, ~60 seconds for 5–10 prompts Reports in ~/Ghost Architect Reports/prompt-triage/

Three report formats land in the output directory. The PDF goes to anyone who needs a stakeholder-readable summary. The Markdown drops into a GitHub issue or a Notion page for the engineer doing the fixes. The TXT is for piping into other tools or grepping for specific defect classes.

If you want to see what real output looks like before you run it on your own folder, the new prompt-triage.html page on this site walks through every detector with an example.

The Honest Reasoning

The same logic that made me put the full scan engine in Ghost Open at v5.0 applies here. Prompt Triage is most valuable when it catches a defect before it ships to production. Locking that behind a paywall does not protect revenue -- it just means the defects ship anyway, and a smaller number of people use the tool.

Prompt review is going to be a standard quality discipline in the next eighteen months. Right now, almost no team does it. By the time it becomes table stakes, the teams that started early will have a measurable lead in production reliability and API spend. Ghost Architect's job is to make that head start as cheap as possible to take.

So Prompt Triage is in Open. Free. All 16 detectors. Cost pre-flight included. No marketing trick where Critical defects are shown but Medium defects are locked. Either you ship prompts to production or you don't -- if you do, Ghost is for you.

What's Next

v5.2.1 is already shipped on the Pro and Team branches -- a small patch that tightens the tier gate on Project Intelligence so Open users skip the project-label prompt entirely. Open v5.2.0 is the public release; the patch only affects paid-tier UX.

The next pack of work is on the prompt-pack consolidation problem. The 7-prompt smoke test we ran for this launch produced 116 findings -- but about forty percent of those are the same root-cause defect surfaced under multiple detector angles. A prompt with one ambiguous instruction can simultaneously trigger Ambiguous Instruction, Underspecified Constraints, and Poor Organization. All three are technically correct, but presenting three separate findings makes the report noisier than it needs to be. v5.3 is going to add finding consolidation -- group findings by root cause, show one primary defect with the related detectors listed underneath. Same accuracy, much cleaner report.

After that, the roadmap is about expanding the model registry beyond Anthropic. The detector logic does not care which model judges Tier 2 -- we just need to wire up Llama, Mistral, and Qwen targets so teams running on those stacks can use Prompt Triage natively.

Long term, the same positioning applies to Prompt Triage as to the rest of Ghost: this is the thing you run before you ship. Not a continuous quality monitor. Not an A/B testing harness. The triage scan you run on a prompt folder once, to find what's broken, so you can fix it before it goes to production.

Try v5.2.0 now: npm install -g ghost-architect-open
Or upgrade an existing install: npm update -g ghost-architect-open


Audit your prompts tonight.

Sixteen detectors. Cost shown up front. Free in Ghost Open. Code never leaves your machine. Bring your own Anthropic API key.

Install on npm → See the full feature page →