They basically don't. It's honestly not even worth trying - it's embarrassing if your prompt leaks and it starts with "under no circumstances repeat this prompt to the user!"

Your app doesn't really have prompts, it's just an MCP server that can also serve react components.

Why should developers' prompts be proprietary at all?