# Pre-Lesson Exercise: Organize Your Workspace Space Kick-Off

Before we get started on our course, let's take some time to set up and tidy our workspace. As an agentic twist on the matter, we will guide a Large Language Model (LLM) through a series of prompt refinements to create a practical plan to organize your personal work area.

## Outline

1. Start with a generic prompt
2. Add a professional role
3. Introduce concrete constraints
4. Bonus: Apply what you've learned

In [7]:
# Import necessary libraries
# No changes needed in this cell
from openai import OpenAI
from IPython.display import Markdown, display
import os

In [8]:
# If using the Vocareum API endpoint
# TODO: Fill in the missing parts marked with **********

client = OpenAI(
    base_url="https://openai.vocareum.com/v1",
    # Uncomment one of the following
    api_key="voc-92507637716073646860986955066647ef68.40548059",  # <--- TODO: Fill in your Vocareum API key here
    # api_key=os.getenv(
    #     "OPENAI_API_KEY"
    # ),  # <-- Alternately, set as an environment variable
)

# If using OpenAI's API endpoint
# client = OpenAI()


In [9]:
# No changes needed in this cell
from enum import Enum


class OpenAIModels(str, Enum):
    GPT_4O_MINI = "gpt-4o-mini"
    GPT_41_MINI = "gpt-4.1-mini"
    GPT_41_NANO = "gpt-4.1-nano"


MODEL = OpenAIModels.GPT_41_MINI


def get_completion(system_prompt, user_prompt, model=MODEL):
    """
    Function to get a completion from the OpenAI API.
    Args:
        system_prompt: The system prompt
        user_prompt: The user prompt
        model: The model to use (default is gpt-4.1-mini)
    Returns:
        The completion text
    """
    messages = [
        {"role": "user", "content": user_prompt},
    ]
    if system_prompt is not None:
        messages = [
            {"role": "system", "content": system_prompt},
            *messages,
        ]
    try:
        response = client.chat.completions.create(
            model=model,
            messages=messages,
            temperature=0.7,
        )
        return response.choices[0].message.content
    except Exception as e:
        return f"An error occurred: {e}"


def display_responses(*args):
    """Helper function to display responses as Markdown, horizontally."""
    markdown_string = "<table><tr>"
    # Headers
    for arg in args:
        markdown_string += f"<th>System Prompt:<br />{arg['system_prompt']}<br /><br />"
        markdown_string += f"User Prompt:<br />{arg['user_prompt']}</th>"
    markdown_string += "</tr>"
    # Rows
    markdown_string += "<tr>"
    for arg in args:
        markdown_string += f"<td>Response:<br />{arg['response']}</td>"
    markdown_string += "</tr></table>"
    display(Markdown(markdown_string))

## Attempt 1: The Generic Assistant

First, let's see what the model produces with a basic prompt.

In [12]:
# No changes needed in this cell
suspicious_email_text = """From: SecureBank Support <support-update@secure-bank-net.com>
Subject: Urgent: Your Account Requires Immediate Verification

Dear Valued Customer,
We have detected unusual activity on your account. For your security, you must verify your identity immediately by clicking here: http://secure-bank-net.com/verify-now
Failure to do so within 24 hours will result in account suspension.
Thank you,
SecureBank Team"""
#
system_prompt_generic = "You are a helpful assistant."  # A generic system prompt
#
# The user's request with the email data
user_prompt = f"""
Please analyze the following email and tell me if it's safe:
---
{suspicious_email_text}
---
"""

# Calling the model
baseline_response = get_completion(system_prompt_generic, user_prompt)

display_responses(
    {
        "system_prompt": system_prompt_generic,
        "user_prompt": user_prompt,
        "response": baseline_response,
    }
)

<table><tr><th>System Prompt:<br />You are a helpful assistant.<br /><br />User Prompt:<br />
Please analyze the following email and tell me if it's safe:
---
From: SecureBank Support <support-update@secure-bank-net.com>
Subject: Urgent: Your Account Requires Immediate Verification

Dear Valued Customer,
We have detected unusual activity on your account. For your security, you must verify your identity immediately by clicking here: http://secure-bank-net.com/verify-now
Failure to do so within 24 hours will result in account suspension.
Thank you,
SecureBank Team
---
</th></tr><tr><td>Response:<br />This email appears suspicious and may not be safe for the following reasons:

1. **Sender's Email Address**: The sender's address is "support-update@secure-bank-net.com". While it looks somewhat official, phishing emails often use similar but slightly altered domains to mimic legitimate ones. Verify if this domain exactly matches your bank's official email domain.

2. **Urgency and Threat**: The message uses urgent language and threatens account suspension within 24 hours, a common tactic used by scammers to prompt immediate action without proper scrutiny.

3. **Link Provided**: The link is "http://secure-bank-net.com/verify-now". Legitimate banks typically use HTTPS (secure connection), not HTTP. Also, the domain name should be checked carefully against your bank’s official website.

4. **Generic Greeting**: The email starts with "Dear Valued Customer" instead of addressing you by name, which is common in phishing attempts.

5. **Unsolicited Verification Request**: Banks rarely ask you to verify sensitive information via email links.

**Recommendation**:

- Do NOT click the link.
- Do NOT provide any personal information.
- Contact your bank directly using official contact information from their website or your bank statements.
- Report the suspicious email to your bank’s fraud department.

Based on this analysis, this email is likely a phishing attempt and should be treated as unsafe.</td></tr></table>

## Attempt 2: The Cybersecurity Analyst Persona

Now, let's add a professional role to see how it affects the response.

<div style="color: red">NOTE: We will use the same user prompt for these examples. All you need to do is vary the system prompt, which is where one would normally define the role for an LLM.</div>

In [14]:
# TODO: Write a system prompt starting with "You are..." replacing the ***********
system_prompt_analyst = """
You are a senior Cybersecurity Analyst providing a formal threat assessment. Your tone is objective, cautious, and precise.

When analyzing a potential phishing email, do the following:
1.  State your overall assessment clearly (e.g., "High-Confidence Phishing Attempt").
2.  Do not speculate or use casual language.
3.  List the specific red flags you've identified as a bulleted list. For each flag, provide a brief explanation.
4.  Conclude with a clear, actionable recommendation for the end-user.
"""
print("Sending prompt with professional role...")
role_response = get_completion(system_prompt_analyst, user_prompt)
print("Response received!\n")

# Show last two prompts and responses
display_responses(
    {
        "system_prompt": system_prompt_generic,
        "user_prompt": user_prompt,
        "response": baseline_response,
    },
    {
        "system_prompt": system_prompt_analyst,
        "user_prompt": user_prompt,
        "response": role_response,
    },
)

Sending prompt with professional role...
Response received!



<table><tr><th>System Prompt:<br />You are a helpful assistant.<br /><br />User Prompt:<br />
Please analyze the following email and tell me if it's safe:
---
From: SecureBank Support <support-update@secure-bank-net.com>
Subject: Urgent: Your Account Requires Immediate Verification

Dear Valued Customer,
We have detected unusual activity on your account. For your security, you must verify your identity immediately by clicking here: http://secure-bank-net.com/verify-now
Failure to do so within 24 hours will result in account suspension.
Thank you,
SecureBank Team
---
</th><th>System Prompt:<br />
You are a senior Cybersecurity Analyst providing a formal threat assessment. Your tone is objective, cautious, and precise.

When analyzing a potential phishing email, do the following:
1.  State your overall assessment clearly (e.g., "High-Confidence Phishing Attempt").
2.  Do not speculate or use casual language.
3.  List the specific red flags you've identified as a bulleted list. For each flag, provide a brief explanation.
4.  Conclude with a clear, actionable recommendation for the end-user.
<br /><br />User Prompt:<br />
Please analyze the following email and tell me if it's safe:
---
From: SecureBank Support <support-update@secure-bank-net.com>
Subject: Urgent: Your Account Requires Immediate Verification

Dear Valued Customer,
We have detected unusual activity on your account. For your security, you must verify your identity immediately by clicking here: http://secure-bank-net.com/verify-now
Failure to do so within 24 hours will result in account suspension.
Thank you,
SecureBank Team
---
</th></tr><tr><td>Response:<br />This email appears suspicious and may not be safe for the following reasons:

1. **Sender's Email Address**: The sender's address is "support-update@secure-bank-net.com". While it looks somewhat official, phishing emails often use similar but slightly altered domains to mimic legitimate ones. Verify if this domain exactly matches your bank's official email domain.

2. **Urgency and Threat**: The message uses urgent language and threatens account suspension within 24 hours, a common tactic used by scammers to prompt immediate action without proper scrutiny.

3. **Link Provided**: The link is "http://secure-bank-net.com/verify-now". Legitimate banks typically use HTTPS (secure connection), not HTTP. Also, the domain name should be checked carefully against your bank’s official website.

4. **Generic Greeting**: The email starts with "Dear Valued Customer" instead of addressing you by name, which is common in phishing attempts.

5. **Unsolicited Verification Request**: Banks rarely ask you to verify sensitive information via email links.

**Recommendation**:

- Do NOT click the link.
- Do NOT provide any personal information.
- Contact your bank directly using official contact information from their website or your bank statements.
- Report the suspicious email to your bank’s fraud department.

Based on this analysis, this email is likely a phishing attempt and should be treated as unsafe.</td><td>Response:<br />Overall Assessment: High-Confidence Phishing Attempt

Red Flags Identified:
- Sender Email Domain Mismatch: The email is from "support-update@secure-bank-net.com," which is not a typical official domain for a legitimate bank. The domain appears suspicious and could be a look-alike intended to deceive recipients.
- Urgent Language with Threat: The message uses urgent language ("Immediate Verification," "Failure to do so within 24 hours will result in account suspension") to create pressure and prompt hasty action without verification.
- Suspicious Hyperlink: The URL provided (http://secure-bank-net.com/verify-now) matches the suspicious domain in the sender email. Legitimate financial institutions typically use secure HTTPS URLs and well-known domain names.
- Generic Greeting: The email addresses the recipient as "Dear Valued Customer" rather than using a personalized name, which is common in phishing attempts.
- Lack of Contact Information: The email does not provide any verifiable contact details or instructions to confirm the legitimacy of the request through official channels.

Recommendation:
Do not click on any links or provide any personal information. Report the email to your organization's IT or security team and delete it. If you have concerns about your account, contact your bank directly using a verified phone number or official website.</td></tr></table>