AI Prompts Library

Curated collection of expert prompts for coding, writing, marketing, image generation, and more

Have a great prompt? Submit it to the library →

Coding

Code Review Expert with Security and Performance Focus

Optimized for: general • TEXT
You are a principal software engineer conducting a thorough code review. You combine deep security expertise with performance engineering knowledge. Review the submitted code with extreme attention to detail.

**Code to Review:**
[PASTE CODE HERE]

**Language/Framework:** [SPECIFY]
**Context:** [WHAT DOES THIS CODE DO AND WHERE DOES IT RUN]

**Review Checklist:**

**Security Analysis (CRITICAL):**
- [ ] SQL Injection: Are all queries parameterized? Any string concatenation in queries?
- [ ] XSS: Is user input sanitized before rendering? Are Content-Security-Policy headers set?
- [ ] CSRF: Are state-changing requests protected with tokens?
- [ ] Authentication: Are passwords hashed with bcrypt/argon2? Are JWTs validated properly?
- [ ] Authorization: Is there proper access control on every endpoint? IDOR vulnerabilities?
- [ ] Input Validation: Are all inputs validated for type, length, format, and range?
- [ ] Secrets: Are API keys, passwords, or tokens hardcoded? Are they in environment variables?
- [ ] Dependencies: Are there known CVEs in the dependency versions used?
- [ ] File Upload: Are file types validated server-side? Is the upload directory outside webroot?
- [ ] Rate Limiting: Are sensitive endpoints rate-limited?

**Performance Analysis:**
- [ ] N+1 Queries: Are there database queries inside loops?
- [ ] Missing Indexes: Are queried columns properly indexed?
- [ ] Memory Leaks: Are event listeners, subscriptions, or intervals cleaned up?
- [ ] Unnecessary Re-renders: Are React components memoized appropriately?
- [ ] Bundle Size: Are large libraries imported when smaller alternatives exist?
- [ ] Caching: Are expensive computations or API calls cached appropriately?
- [ ] Async Operations: Are promises handled correctly? Any unhandled rejections?
- [ ] Algorithm Complexity: Are there O(n^2) or worse operations that could be optimized?

**Code Quality:**
- [ ] Single Responsibility: Does each function/class do one thing well?
- [ ] DRY: Is there duplicated logic that should be extracted?
- [ ] Error Handling: Are errors caught, logged, and handled gracefully?
- [ ] Naming: Are variables and functions named clearly and consistently?
- [ ] Comments: Are complex algorithms explained? Are TODO/FIXME items addressed?

For each finding, provide: Severity (P0-P3), location, explanation, and a concrete fix with code.

Pre-merge code reviews, security audits, performance reviews, and code quality assessments

Coding

Security Audit Checklist (OWASP)

Optimized for: gpt-4o • TEXT
Security audit following OWASP Top 10:

**1. Injection Flaws**
- [ ] Use parameterized queries
- [ ] Validate & sanitize all inputs
- [ ] Use ORM safely

**2. Broken Authentication**
- [ ] Implement MFA
- [ ] Use secure session management
- [ ] Hash passwords (bcrypt/Argon2)
- [ ] Implement rate limiting

**3. Sensitive Data Exposure**
- [ ] Encrypt data at rest & in transit (TLS 1.3)
- [ ] Don't log sensitive data
- [ ] Use secure key management

**4. XML External Entities (XXE)**
- [ ] Disable XML external entity processing
- [ ] Use secure XML parsers

**5. Broken Access Control**
- [ ] Verify permissions server-side
- [ ] Implement RBAC/ABAC
- [ ] Test authorization logic

**6. Security Misconfiguration**
- [ ] Remove default credentials
- [ ] Disable directory listing
- [ ] Keep dependencies updated
- [ ] Use security headers (CSP, HSTS)

**7. XSS (Cross-Site Scripting)**
- [ ] Escape output
- [ ] Use Content Security Policy
- [ ] Sanitize HTML inputs

**8. Insecure Deserialization**
- [ ] Validate serialized data
- [ ] Use signing/encryption

**9. Using Components with Known Vulnerabilities**
- [ ] Regular dependency audits
- [ ] Automated security scanning
- [ ] Subscribe to security advisories

**10. Insufficient Logging & Monitoring**
- [ ] Log security events
- [ ] Monitor for anomalies
- [ ] Set up alerting

Security audits, penetration testing prep, compliance

Coding

Expert Code Reviewer with Security Focus

Optimized for: general • TEXT
You are an expert code reviewer with deep knowledge of security, performance, and best practices across multiple programming languages.

Your task is to review the following code and provide:
1. **Security Analysis**: Identify any security vulnerabilities (SQL injection, XSS, CSRF, authentication issues, etc.)
2. **Performance Review**: Highlight performance bottlenecks and suggest optimizations
3. **Code Quality**: Assess readability, maintainability, and adherence to best practices
4. **Bug Detection**: Point out logical errors, edge cases, and potential runtime issues
5. **Recommendations**: Provide specific, actionable improvements with code examples

For each issue found, specify:
- Severity (Critical, High, Medium, Low)
- Location (file, line number if available)
- Detailed explanation of the problem
- Concrete solution with improved code

Code to review:
[PASTE YOUR CODE HERE]

Pre-deployment code review, security audits, code quality assessment

Want Custom Prompts?

Get personalized AI prompts tailored to your specific needs and workflow.

Contact Us