AI Prompt Library for Secure Coding

Copy-paste prompts for security, debugging, refactoring, and testing

Quick Answer

Better prompts produce better code. This library contains copy-paste prompts organized by task - security audits, debugging, refactoring, testing, and documentation. Each prompt is structured to get useful results from any AI tool (ChatGPT, Claude, Cursor, Copilot).

How to use this prompt library

These prompts are templates. Copy one, replace the bracketed placeholders with your code and context, and paste into your AI tool. The structured format helps AI understand exactly what you need.

Security prompts are first for a reason - vibe coders ship fast, and security often gets skipped. Run a security audit prompt on any code that handles user input, authentication, or database queries before deploying.

All prompts work with ChatGPT, Claude, Cursor, Claude Code, GitHub Copilot, and other AI assistants. Tool-specific features like @file references are noted.

Prompts by category

Security Prompts

Prompts for finding and fixing vulnerabilities

Security Audit

Comprehensive security review

Review this code for security vulnerabilities:

[PASTE CODE HERE]

Check for:
1. SQL injection (string concatenation in queries)
2. Hardcoded secrets (API keys, passwords, tokens)
3. Missing input validation
4. Missing authentication/authorization checks
5. XSS vulnerabilities (unsanitized output)
6. Path traversal (user input in file paths)

For each issue found:
- Describe the vulnerability
- Show the vulnerable line
- Explain the risk
- Provide the fixed code

Fix SQL Injection

Convert vulnerable queries to safe ones

Convert this SQL query to use parameterized queries:

[PASTE QUERY HERE]

Requirements:
- Use parameterized queries, not string concatenation
- Show both the query and the parameter array
- Use the [LANGUAGE/FRAMEWORK] syntax (e.g., pg for Node, Prisma)
- Explain why the original was vulnerable

Return the safe version ready to use.
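To make the "show both the query and the parameter array" requirement concrete, here is an added example (not code from the page) of the before and after this prompt should produce, written in the `{ text, values }` shape that the `pg` (node-postgres) client accepts. No database is needed: the point is what reaches the driver, so the example only builds the query objects and checks whether the SQL text changes with the input. The hostile email value is constructed for the demonstration.

```javascript
// Added example: string-concatenated SQL beside its parameterized fix, in the
// { text, values } form pg's client.query()/pool.query() accepts.

// Vulnerable "before": user input is spliced into the query text, so the
// database parses attacker-controlled characters as SQL.
function findUserUnsafe(email) {
  return {
    text: `SELECT id, email FROM users WHERE email = '${email}'`,
    values: [],
  };
}

// Safe "after": the query text is a constant with a $1 placeholder and the
// input travels separately in the values array, where it can only be data.
function findUserSafe(email) {
  return {
    text: 'SELECT id, email FROM users WHERE email = $1',
    values: [email],
  };
}

// Constructed hostile input of the kind the audit prompt asks about.
const HOSTILE_EMAIL = "x' OR '1'='1";

// Review heuristic: a query builder is parameterized only if the SQL text it
// emits is identical for every input. Returns true when the text varies.
function textDependsOnInput(buildQuery) {
  const a = buildQuery('alice@example.com');
  const b = buildQuery(HOSTILE_EMAIL);
  return a.text !== b.text;
}

// Intended use with pg (not executed here): pool.query(findUserSafe(email)).
console.log('unsafe text varies with input:', textDependsOnInput(findUserUnsafe));
console.log('safe text varies with input:  ', textDependsOnInput(findUserSafe));
```

The unsafe builder turns the hostile value into a `WHERE` clause that is always true; the safe builder hands the same string to the driver as a parameter, so the query text never changes.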

Add Input Validation

Generate Zod schemas for validation

Create input validation for this data structure:

[DESCRIBE DATA OR PASTE INTERFACE/TYPE]

Requirements:
- Use Zod for TypeScript (or [PREFERRED LIBRARY])
- Validate all fields with appropriate constraints
- Include error messages for each validation
- Add .transform() for data sanitization where needed
- Show usage example with error handling

Generate both the schema and a validation function.
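As an added illustration of what this prompt should return (not code from the page), the following dependency-free validator expresses the same things a Zod schema would: a constraint per field, an error message for every rule, a transform step for sanitization, and rejection of fields the schema does not declare. Zod is assumed unavailable here; the schema shape and the `signupSchema` fields are constructed for the example, and the same structure maps onto `z.object({...}).strict()` with `.transform()` when Zod is in the project.

```javascript
// Added example: a schema-driven validator with per-rule messages and a
// post-validation transform, standing in for the Zod schema the prompt requests.

const CONTROL_CHARS = /[\u0000-\u001f\u007f]/g;

// Constructed schema for a signup payload. Each rule is [check, message].
const signupSchema = {
  email: {
    rules: [
      [v => typeof v === 'string', 'must be a string'],
      [v => /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(v.trim()), 'must be a valid email address'],
    ],
    // Sanitize after validation: normalize case so lookups are consistent.
    transform: v => v.trim().toLowerCase(),
  },
  displayName: {
    rules: [
      [v => typeof v === 'string', 'must be a string'],
      [v => v.trim().length >= 1 && v.trim().length <= 40, 'must be 1 to 40 characters'],
    ],
    // Strip control characters that could corrupt logs or rendered output.
    transform: v => v.replace(CONTROL_CHARS, '').trim(),
  },
  age: {
    optional: true,
    rules: [
      [v => Number.isInteger(v), 'must be an integer'],
      [v => v >= 13 && v <= 120, 'must be between 13 and 120'],
    ],
  },
};

// Validation function: returns { success: true, data } with sanitized values,
// or { success: false, errors } listing every failed field.
function validate(schema, input) {
  if (input === null || typeof input !== 'object' || Array.isArray(input)) {
    return { success: false, errors: ['input: must be an object'] };
  }
  const errors = [];
  const data = {};
  // Reject undeclared fields so a payload cannot smuggle in extra properties
  // (for example a role field) that later code might trust.
  for (const key of Object.keys(input)) {
    if (!Object.prototype.hasOwnProperty.call(schema, key)) {
      errors.push(`${key}: unknown field`);
    }
  }
  for (const [field, spec] of Object.entries(schema)) {
    const value = input[field];
    if (value === undefined) {
      if (!spec.optional) errors.push(`${field}: is required`);
      continue;
    }
    // Rules run in order; the first failure produces that rule's message.
    const failed = spec.rules.find(([check]) => !check(value));
    if (failed) {
      errors.push(`${field}: ${failed[1]}`);
      continue;
    }
    data[field] = spec.transform ? spec.transform(value) : value;
  }
  return errors.length > 0 ? { success: false, errors } : { success: true, data };
}

// Usage with error handling, on constructed input.
const result = validate(signupSchema, { email: ' Alice@Example.com ', displayName: 'Alice\u0007', age: 30 });
if (result.success) {
  console.log('clean payload:', result.data);
} else {
  console.log('rejected:', result.errors);
}
```

Only the transformed `data` object should flow onward; the raw `input` is discarded, which is the same discipline as using Zod's parsed return value rather than the original request body.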

Auth Middleware Check

Verify auth on all routes

Review these API routes for authentication issues:

[PASTE ROUTE CODE]

Check for:
1. Routes missing authentication checks
2. Authentication checked but authorization (permissions) missing
3. IDOR vulnerabilities (accessing resources without ownership check)
4. Session/token validation issues

For each issue:
- Identify the vulnerable route
- Explain what's missing
- Provide the secure implementation

Use [FRAMEWORK] patterns (Express, Next.js, etc.).
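The three findings this prompt looks for (no authentication, authentication without authorization, and IDOR) are easiest to recognize side by side. The following added example (not code from the page) wires Express-style `(req, res, next)` handlers into a tiny runner so it executes without Express or a database. The session store, document table, token format and route names are all constructed for the example.

```javascript
// Added example: three versions of the same "GET /docs/:id" route, showing the
// audit findings and the corrected handler. Express-style handlers, no framework.

// Constructed session store: opaque bearer token -> user id.
const SESSIONS = new Map([
  ['tok-alice', { userId: 'u1' }],
  ['tok-bob', { userId: 'u2' }],
]);

// Constructed resource table. Each document is owned by exactly one user.
const DOCUMENTS = new Map([
  ['d100', { ownerId: 'u1', title: 'Alice private notes' }],
  ['d200', { ownerId: 'u2', title: 'Bob draft' }],
]);

// Minimal request/response shapes so the handlers run stand-alone.
function makeReq(token, params) {
  return {
    headers: { authorization: token ? `Bearer ${token}` : undefined },
    params,
    user: undefined,
  };
}

function run(handlers, req) {
  const res = { status: 200, body: undefined };
  let i = 0;
  const next = () => {
    const handler = handlers[i++];
    if (handler) handler(req, res, next);
  };
  next();
  return res;
}

// Authentication: who is calling? Resolves the token to a session or stops
// the chain with 401. Note that it says nothing about what the caller may do.
function requireAuth(req, res, next) {
  const header = req.headers.authorization || '';
  const token = header.startsWith('Bearer ') ? header.slice(7) : null;
  const session = token ? SESSIONS.get(token) : undefined;
  if (!session) {
    res.status = 401;
    res.body = { error: 'unauthenticated' };
    return;
  }
  req.user = { id: session.userId };
  next();
}

// Findings 1-3: this handler never asks who owns the document. Without
// requireAuth anyone can read it; with requireAuth any logged-in user can
// read any document by supplying its id (IDOR).
function getDocumentIdor(req, res) {
  const doc = DOCUMENTS.get(req.params.id);
  if (!doc) {
    res.status = 404;
    res.body = { error: 'not found' };
    return;
  }
  res.body = doc;
}

// Corrected handler: authorization is a per-resource ownership check. A 404
// is returned for both "missing" and "not yours" so the response does not
// reveal which ids exist (a common choice, not something the prompt mandates).
function getDocumentSecure(req, res) {
  const doc = DOCUMENTS.get(req.params.id);
  if (!doc || doc.ownerId !== req.user.id) {
    res.status = 404;
    res.body = { error: 'not found' };
    return;
  }
  res.body = doc;
}

// Route table in the shape the audit prompt reviews.
const ROUTES = {
  'GET /docs/:id (missing auth)': [getDocumentIdor],
  'GET /docs/:id (auth only)': [requireAuth, getDocumentIdor],
  'GET /docs/:id (auth + ownership)': [requireAuth, getDocumentSecure],
};

function request(routeName, token, id) {
  return run(ROUTES[routeName], makeReq(token, { id }));
}

console.log('bob reads d100 (auth only):      ', request('GET /docs/:id (auth only)', 'tok-bob', 'd100').status);
console.log('bob reads d100 (auth + ownership):', request('GET /docs/:id (auth + ownership)', 'tok-bob', 'd100').status);
```

When reviewing real routes, the question to ask of every handler that loads a record by an id from the URL or body is the one `getDocumentSecure` answers explicitly: which field ties this record to the authenticated user, and where is it compared?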

Prompt engineering tips

These principles make any prompt more effective. Apply them when customizing templates or writing your own.

Be Specific

Replace "fix this" with "fix the null pointer exception on line 42 when user.name is undefined"

❌ "Make this better"
✅ "Refactor to use early returns and extract validation logic into a separate function"

Include Context

Tell the AI what framework, language version, and constraints you are working with

❌ "Add authentication"
✅ "Add JWT authentication to this Next.js 14 API route using jose library"

Use Examples

Show input/output pairs or reference existing code patterns

❌ "Format like our codebase"
✅ "Format like this existing component: [paste example]"

Structure Complex Prompts

Use sections for Context, Task, Constraints, and Examples

## Context
[Background info]
## Task
[What to do]
## Constraints
[Limitations]
## Example
[Sample]

Tool-specific usage

Each AI tool has features that enhance these prompts.

Cursor

Use @file to reference specific files. Save frequently used prompts as custom rules in .cursor/rules/.

Cursor Rules Guide

Claude Code

Add project context to CLAUDE.md. Claude Code has full codebase context automatically.

CLAUDE.md Guide

ChatGPT/Claude

Include all relevant code in the prompt since there is no file access. Use code blocks with language tags.

AGENTS.md Guide

GitHub Copilot

Use comments as inline prompts. Configure via .github/copilot-instructions.md.

Copilot Instructions Guide

Frequently asked questions

What makes a good AI coding prompt?

Good prompts are specific, structured, and include context. Instead of "fix this code," describe the problem, include the relevant code, specify the expected behavior, and mention any constraints. Include security requirements for code that handles user input or sensitive data.

Do these prompts work with all AI coding tools?

Yes. These prompts work with ChatGPT, Claude, Cursor, Copilot, Cline, Windsurf, and other AI assistants. The principles are universal - clear instructions, structured format, and specific context. Tool-specific features like @file references are noted where applicable.

How do I customize prompts for my project?

Replace bracketed placeholders like [LANGUAGE] and [FRAMEWORK] with your specifics. Add project-specific context like your coding standards or security requirements. For Cursor or Claude Code, save customized prompts in .cursor/rules/ or CLAUDE.md for consistent use.

Should I include security requirements in every prompt?

Yes, for any code that handles user input, database queries, authentication, or file operations. AI tools generate functional code by default, not secure code. Explicit security requirements like "use parameterized queries" prevent vulnerabilities in the generated code.

How long should my prompts be?

Long enough to be clear, short enough to be focused. Include necessary context but avoid redundant information. A typical coding prompt is 50-200 words. For complex tasks, use structured sections (Context, Task, Constraints, Examples) to organize longer prompts.

What is prompt chaining?

Breaking complex tasks into sequential prompts where each builds on the previous output. Instead of "build a complete auth system," first prompt for the database schema, then the signup flow, then login, then session management. Each step can be reviewed before proceeding.

How do I make AI follow my coding style?

Include examples of your preferred style in the prompt, or reference existing files. In Cursor, use @file to reference examples. In Claude Code, add style preferences to CLAUDE.md. Phrases like "match the style of existing code" work when the AI has context about your codebase.

Scan Your AI-Generated Code

Prompts help generate better code, but they don't catch everything. VibeShip Scanner automatically detects hardcoded secrets, SQL injection, and missing auth.
