Quickly assess security, performance, and style issues across any codebase with these ready‑to‑use prompts. Paste a file, a diff, or a repository URL into the placeholder, then run the prompt in your preferred LLM. Use the “Copy” button to grab the exact prompt text and edit the [PLACEHOLDERS] to match your project.
You are a security auditor. Scan the following [LANGUAGE] file for common vulnerabilities (SQL injection, XSS, insecure deserialization, etc.). Return a JSON array with objects: { "line": number, "type": "VULN_TYPE", "severity": "low|medium|high", "remediation": "short fix suggestion" }.
File:
[PASTE_OR_PATH]
When to use: Early in a CI pipeline to catch glaring security flaws before code merges.
Act as a code cleaner. Analyze the provided [LANGUAGE] source and list any functions, classes, or variables that are never referenced. Output a markdown table with columns: Symbol, Location, Reason.
Source:
[PASTE_OR_REPO_URL]
When to use: Before a major refactor to reduce bloat and improve maintainability.
You are a linter. Check the following [LANGUAGE] snippet against the style guide at [URL_TO_GUIDE]. Return a list of violations in this format:
- Line X: Issue (Rule ID) – Suggested fix.
Code:
[PASTE_CODE]
When to use: As a pre‑commit hook to keep codebase consistent.
Inspect the given [LANGUAGE] project and compute cyclomatic complexity for each function. List any function with complexity > [THRESHOLD] in a table: Function, File, Complexity, Refactor suggestion.
Project root:
[PATH_OR_URL]
When to use: During performance reviews to spot maintainability risks.
Based on the following [LANGUAGE] module, create skeleton unit tests using [TEST_FRAMEWORK]. For each public function, output a test file with placeholders for inputs and expected outputs.
Module:
[PASTE_OR_PATH]
When to use: When onboarding a new module lacking coverage.
Assume you can run the code locally. Provide a step‑by‑step guide to profile the critical function `processData` in [LANGUAGE] using built‑in tools (e.g., cProfile, perf). Include commands, flags, and how to interpret the output.
Project:
[REPO_URL]
When to use: Before optimizing latency‑sensitive services.
List all third‑party dependencies in the provided `package.json` (or equivalent) and check their latest stable versions. Output a markdown table: Package, Current, Latest, Change Type (major/minor/patch), Upgrade command.
File:
[PATH_TO_PACKAGE_JSON]
When to use: Quarterly maintenance to keep libraries up‑to‑date and secure.
Review the following [LANGUAGE] code for logging statements. Ensure logs:
- Do not contain PII
- Use appropriate levels (debug/info/warn/error)
- Include correlation IDs
Return a list of problematic lines with suggested replacements.
Code:
[PASTE_CODE]
When to use: Prior to GDPR compliance checks.
Given an OpenAPI spec at [URL] and the implementation file [PATH], compare them. List mismatches (missing endpoints, wrong request/response schemas) in a table: Endpoint, Issue, Suggested fix.
Spec:
[OPENAPI_URL]
Implementation:
[CODE_PATH]
When to use: Before releasing a new version of a public API.
You are an architecture reviewer. Examine the repository structure and README to infer service responsibilities. Identify any violations of the Single Responsibility Principle and suggest refactorings.
Repo:
[REPO_URL]
When to use: During a domain‑driven design workshop.
Parse the following SQL queries and explain their complexity. Flag any that lack indexes or use SELECT *. Provide an optimized version if possible.
Queries:
[PASTE_SQL]
When to use: When query performance becomes a bottleneck.
From the given code snippet, identify read‑heavy functions that could benefit from caching. Recommend a caching strategy (in‑memory, Redis, CDN) and show a small code addition using [CACHE_LIB].
Snippet:
[PASTE_CODE]
When to use: After profiling shows repeated expensive calls.
Based on the code in [DIR_OR_REPO], produce a concise README section that includes:
- Project purpose
- Quick start commands
- Core architecture diagram (textual)
- Contribution guidelines
Output in markdown.
When to use: When a new team takes ownership of an existing repo.
Read the git log between tags v[OLD] and v[NEW] in the repo at [URL]. Summarize the changes in three categories: Features, Fixes, Breaking Changes. Return markdown with bullet points and PR links.
Repo:
[REPO_URL]
When to use: For release notes generation.
Explain the algorithm implemented in the function `computeOptimalPath` (written in [LANGUAGE]) as if to a junior engineer. Include:
- High‑level description
- Time/space complexity
- A step‑by‑step walkthrough with a small example
- Potential edge cases
Code:
[PASTE_CODE]
When to use: During code reviews or onboarding sessions.
Given the Dockerfile at [PATH] and typical request volume of [REQ_PER_DAY], estimate monthly compute cost on AWS Fargate (or GCP Cloud Run). Show a table: Service, vCPU, Memory, Requests, Cost.
Dockerfile:
[PASTE_DOCKERFILE]
When to use: Before budgeting a new microservice.
Analyze the following [LANGUAGE] code for loops that could be replaced with vectorized or parallel operations. List each loop with line numbers and a one‑sentence rewrite suggestion.
Code:
[PASTE_CODE]
When to use: After profiling shows CPU hot spots.
Review the Webpack (or Vite) config at [PATH] and the entry point file. Identify imported libraries that inflate bundle size (>100KB). Suggest alternatives or code‑splitting techniques.
Config:
[PASTE_CONFIG]
Entry:
[PASTE_ENTRY]
When to use: Prior to a front‑end performance audit.
Given the Go program below, point out structs or slices that cause high heap usage. Propose using pools, streaming, or smaller types. Provide revised code snippets.
Program:
[PASTE_GO]
When to use: When running in constrained containers.
List all licenses of third‑party packages used in the `pom.xml` (or similar). Determine if any are incompatible with the project's MIT license. Output a table: Package, License, Compatible? (Yes/No), Action.
File:
[PATH_TO_DEP_FILE]
When to use: Before open‑sourcing a proprietary codebase.
Search the codebase for handling of personal data fields (e.g., email, address). Flag any place where data is stored without encryption or proper consent checks. Return a report with file, line, and remediation.
Repo:
[REPO_URL]
When to use: During a privacy impact assessment.
[PLACEHOLDER] with concrete values before sending the prompt; vague placeholders lead to generic answers.