DEV Community: 七品

The Prompt Engineering Guide: FLUX vs Midjourney vs Stable Diffusion vs DALL-E 3

七品 — Sun, 31 May 2026 17:24:40 +0000

The Prompt Engineering Guide: FLUX vs Midjourney vs Stable Diffusion vs DALL-E 3

If you've used AI image generators, you know the frustration: the same prompt gives wildly different results across models. What works on Midjourney looks terrible on Stable Diffusion. What works on DALL-E 3 doesn't work on FLUX.

I've spent months testing across all four major models. Here's what I've learned about crafting prompts that work — and the patterns that transfer across models.

The Universal Prompt Architecture

Every great prompt follows this structure, regardless of model:

[SUBJECT] + [ACTION] + [ENVIRONMENT] + [LIGHTING] + [STYLE] + [MOOD] + [COMPOSITION] + [COLORS] + [QUALITY]

Component Breakdown

Component	Purpose	Example
Subject	Main focus	"A Siberian husky"
Action	What they're doing	"running through snow"
Environment	Background	"in a dense pine forest"
Lighting	Light source	"golden hour, soft volumetric"
Style	Aesthetic	"cinematic, photorealistic"
Mood	Emotional tone	"peaceful, majestic"
Composition	Framing	"wide angle, rule of thirds"
Colors	Palette	"cool blues and warm oranges"
Quality	Technical	"8K, highly detailed"

The secret most people miss: lighting alone can transform a mediocre prompt into a stunning image.

Model-Specific Strategies

FLUX — Best for Photorealism

FLUX excels at hands, faces, and text rendering. It's the best choice for photorealistic results.

Best prompt structure for FLUX:
cinematic photograph of [subject], [action], [environment], [lighting], 
ultra-detailed, 8K, shot on Sony A7R IV, 85mm lens, f/1.8, shallow 
depth of field, natural textures

Strengths: Anatomy, text in images, complex compositions
Weaknesses: Less style flexibility than Midjourney

Midjourney — Best for Artistic Work

Midjourney shines at stylized, creative, and artistic outputs. Use parameters for control.

Best prompt structure for Midjourney:
[subject] [action], [environment], [lighting], [style], [mood] 
--ar 16:9 --v 6.1 --s 250 --style raw

Key parameters:

--ar — aspect ratio (16:9, 4:3, 1:1, 9:16)
--s — stylization (0-1000, higher = more artistic)
--style raw — more photorealistic, less "beautification"
--no — what to exclude

Stable Diffusion — Best for Control

SD gives you the most control through CFG scale, samplers, and LoRA models.

Best prompt structure for SD:
masterpiece, best quality, [subject], [action], [environment], 
[lighting], [style], [colors]

Negative prompt: ugly, tiling, poorly drawn, deformed, blurry, bad anatomy

Key settings: CFG scale 7-12, DPM++ 2M Karras sampler

DALL-E 3 — Best for Complex Scenes

DALL-E 3 understands natural language best. Write in complete sentences.

Best prompt structure for DALL-E 3:
[Detailed natural language description of the scene, including 
subject, action, environment, lighting, style, and mood. 
Be specific about composition and details.]

The Lighting Cheatsheet

The single highest-ROI change you can make to your prompts:

Lighting Type	Effect	Prompt Keywords
Golden Hour	Warm, soft, directional	"golden hour, warm sunlight, long shadows"
Blue Hour	Cool, moody, twilight	"blue hour, twilight, cool tones, dusk"
Rembrandt	Classic portrait	"Rembrandt lighting, triangle of light"
Backlight	Silhouette, rim light	"backlit, rim light, dramatic silhouette"
Soft Diffuse	Even, flattering	"soft diffused lighting, overcast, softbox"
Hard Light	Harsh shadows, dramatic	"hard light, harsh shadows, high contrast"
Volumetric	Light rays	"volumetric lighting, god rays, crepuscular"

Pro tip: Always specify lighting. It's the most underused prompt component.

Common Mistakes and Fixes

Mistake	Symptom	Fix
Overloaded prompt	Weird combinations	1 subject + 3-4 max descriptors
Conflicting styles	Mushy results	Pick ONE style and commit
Wrong aspect ratio	Cropped subjects	Specify `--ar` or "wide shot"
Too many quality words	No effect	"8K, highly detailed" once is enough
Missing lighting	Flat, boring	Always specify lighting source

100+ Templates at Your Fingertips

I've compiled all of this knowledge — and much more — into a AI Prompt Engineer skill for Claude Code, available for $10.

It includes:

100+ template prompts organized by category (portraits, landscapes, sci-fi, product shots, etc.)
Model-specific prompt structures for FLUX, Midjourney, SD, and DALL-E 3
Complete lighting reference with keywords
Style reference guide (20+ styles with model recommendations)
Prompt testing workflow for iterative refinement

# Installation is one command:
mv ai-prompt-engineer ~/.claude/skills/
# Then ask Claude: "Create a cinematic portrait prompt for FLUX"

Better prompts, better images. 🎨

Automated Security Audits for Your Codebase Using Claude Code

七品 — Sun, 31 May 2026 16:57:44 +0000

Automated Security Audits for Your Codebase Using Claude Code

Let's be honest: most of us aren't security experts. But we're shipping code to production, handling user data, and integrating with third-party APIs. One SQL injection, one exposed API key, one JWT misconfiguration — and you're dealing with a security incident.

I built a Claude Code skill that acts as a security-focused code reviewer. Here's how it works and how you can use it to catch vulnerabilities before they reach production.

The Problem: Security Is an Afterthought

In my experience, security reviews usually happen:

After a breach — the worst time
Before a major audit — rushed and stressful
Never — most common for indie devs and small teams

The typical excuses:

"I don't know what to look for"
"A proper security audit costs thousands"
"I'll fix it in the next sprint" (famous last words)

The Solution: Automated Pattern-Based Auditing

The key insight is that most security vulnerabilities follow recognizable patterns. SQL injection has a pattern. Insecure deserialization has a pattern. JWT alg:none attacks have a pattern.

Once you know the patterns, you can automate the detection.

I created a Code Security Guardian skill that encodes 200+ vulnerability patterns across 6 languages.

Live Audit: What It Catches

Let me walk through a real audit session. I pointed the skill at a typical FastAPI application and asked for a security review.

What It Found

🔴 CRITICAL: SQL Injection via F-String

# ❌ Vulnerable code
cursor.execute(f"SELECT * FROM users WHERE id = {user_input}")

The skill immediately flagged this and provided the fix:

# ✅ Parameterized query
cursor.execute("SELECT * FROM users WHERE id = %s", (user_input,))

🔴 HIGH: Insecure Deserialization

# ❌ Vulnerable
import pickle
data = pickle.loads(untrusted_data)

Fix:

# ✅ Use JSON or validated schemas
import json
data = json.loads(untrusted_data)

🟡 MEDIUM: Hardcoded Secret

# ❌ Bad
API_KEY = "sk-abc123def456"

Fix:

# ✅ Use environment variables
import os
API_KEY = os.environ.get("API_KEY")

Languages Covered

The skill scans for language-specific vulnerabilities:

Language	Vulnerability Types
Python	Command injection, SQLi, insecure deserialization, weak crypto
JavaScript/TS	XSS, prototype pollution, JWT attacks, eval injection
Go	SQL injection, race conditions, path traversal
Rust	Unsafe blocks, unwrap misuse
Solidity	Reentrancy, access control, unprotected selfdestruct
Java	XXE, LDAP injection

The Auth Audit Checklist

One of the most useful features is the authentication audit. Here's a condensed version of the checklist the skill uses:

✅ Passwords hashed with bcrypt (cost ≥ 12) or argon2id?
✅ JWT signed with RS256 (not HS256 for cross-service)?
✅ JWT expiry < 15 minutes for access tokens?
✅ Refresh tokens stored securely (httpOnly, Secure, SameSite=Strict)?
✅ MFA enforced for admin accounts?
✅ Rate limiting on auth endpoints? (≤5 attempts/min)
✅ Account lockout after N failed attempts?
✅ Password reset tokens single-use + expire in 15 min?

Each item links to the specific code pattern to look for and how to fix it.

The API Security Check

For every API endpoint, it checks:

✅ Authentication required
✅ Rate limiting (global + per-endpoint)
✅ Input validation (type, format, length, range)
✅ Output encoding (no raw user data in responses)
✅ CORS configured (specific origins, not *)
✅ CSRF tokens for state-changing requests
✅ No sensitive data in URLs
✅ Request size limits enforced

Why "Fix It Later" Is Dangerous

Most security vulnerabilities aren't complex — they're oversights. That eval(user_input) you left in during debugging. That JWT secret you hardcoded "temporarily". That password stored in MD5 because "the database team said so."

These aren't sophisticated attacks. They're pattern failures. And patterns can be automated.

The Code Security Guardian skill on Gumroad for $10 is my attempt to make security auditing accessible to every developer, not just teams with security budgets.

Getting Started

Installation is simple:

# Clone the skill to your Claude Code directory
mv code-security-guardian ~/.claude/skills/
# Restart Claude Code — it loads automatically

Then just ask:

"Audit this Python file for security issues"
"Check my JWT authentication implementation"
"Review my Dockerfile for security issues"

No API keys needed. Works entirely offline.

Ship secure code. 🛡️

How I Built a Pine Script Trading Bot in 10 Minutes with Claude Code

七品 — Sun, 31 May 2026 16:57:42 +0000

How I Built a Pine Script Trading Bot in 10 Minutes with Claude Code

Ever had a trading idea pop into your head, only to spend hours (or days) coding it up, debugging it, and finally getting it onto a chart?

I've been there too many times. So I built a Claude Code skill that encodes everything I've learned about quant strategy development. Now when I have an idea, I describe it in plain English and get production-ready Pine Script in under 10 minutes.

Here's exactly how it works.

The Problem: From Idea to Chart Is Too Slow

The typical workflow looks like this:

Trading idea 💡
  ↓ 5 minutes
Open TradingView
  ↓ 30-60 minutes
Write Pine Script from scratch
  ↓ 15-30 minutes
Debug syntax errors
  ↓ 30+ minutes
Add risk management, position sizing
  ↓ ??? minutes
Backtest and iterate

For a simple moving average crossover, that's manageable. But for anything more complex — multi-timeframe analysis, volatility-adjusted position sizing, or pairs trading — you're looking at hours before you even see a chart.

The Solution: A Claude Code Skill for Quant Strategy

I created a Quant Strategy Developer skill for Claude Code. Think of it as a specialized "trading strategy co-pilot" that already knows:

5 battle-tested strategy templates (trend, mean reversion, breakout, momentum, pairs)
Professional risk management frameworks
Pine Script v6 syntax and best practices
Multi-timeframe analysis patterns
Position sizing methods (Kelly, Fixed Fractional, Volatility-Adjusted)

Instead of writing code from scratch, I just describe what I want.

Live Demo: Building a BTC Trend Strategy

Let me walk through a real example. I wanted a Bitcoin trend-following strategy for the 4-hour chart.

Step 1: Describe the idea

I told Claude Code:

"Create a BTC trend following strategy for the 4h chart. Use EMA crossover with ATR-based stop loss and risk-based position sizing."

Step 2: Get production-ready code

Within seconds, Claude generated this:

//@version=6
indicator("[quant] Trend Following Strategy", overlay=true)

// ---- Inputs ----
fastLen = input.int(20, "Fast MA Length")
slowLen = input.int(50, "Slow MA Length")
atrLen  = input.int(14, "ATR Length")
riskPct = input.float(1.0, "Risk per Trade (%)") / 100

// ---- Core Logic ----
fastMA = ta.sma(close, fastLen)
slowMA = ta.sma(close, slowLen)
atr    = ta.atr(atrLen)

// Entry: fast MA crosses above slow MA (uptrend)
longCondition = ta.crossover(fastMA, slowMA)
// Exit: fast MA crosses below slow MA
exitCondition = ta.crossunder(fastMA, slowMA)

// ---- Position Sizing (Risk-Based) ----
positionSize = strategy.equity * riskPct / atr

if (longCondition)
    strategy.entry("Long", strategy.long, qty=positionSize)
if (exitCondition)
    strategy.close("Long")

Step 3: Add risk management

When I asked it to add proper risk management, it enhanced the strategy with:

ATR-based trailing stop (Chandelier exit)
Drawdown controls (reduce size at 10% drawdown, pause at 20%)
Volatility filter (skip trades during low-volatility regimes)

Step 4: Backtest-ready output

It also generated a Python backtesting script:

import pandas as pd
import numpy as np

def backtest_ema_crossover(data, fast=20, slow=50, atr_period=14, risk_pct=0.01):
    """Backtest EMA crossover strategy with ATR-based risk management."""
    data['fast_ema'] = data['close'].ewm(span=fast).mean()
    data['slow_ema'] = data['close'].ewm(span=slow).mean()
    data['atr'] = data['high'].rolling(atr_period).apply(
        lambda x: (x.max() - x.min()) if len(x) == atr_period else 0
    )

    # Generate signals
    data['signal'] = 0
    data.loc[data['fast_ema'] > data['slow_ema'], 'signal'] = 1
    data.loc[data['fast_ema'] <= data['slow_ema'], 'signal'] = -1

    # Position sizing
    data['position'] = data['equity'] * risk_pct / data['atr']

    # ... full backtest logic included
    return data

The whole process — from idea to a backtest-ready strategy — took under 10 minutes.

What Else Can It Generate?

The skill isn't limited to trend following. It includes templates for:

Strategy Type	Best For	Timeframe
Trend Following	Strong trending markets	4h - Daily
Mean Reversion	Range-bound markets	15m - 1h
Breakout / Volatility	Volatility expansions	Any
Momentum Divergence	Exhaustion/reversals	1h - 4h
Pairs Trading	Correlated assets	1h - Daily

For each strategy, you get Pine Script code, Python backtesting code, and reference documentation for the theory behind it.

Why This Matters

The biggest bottleneck in algorithmic trading isn't having ideas — it's translating those ideas into code fast enough to test them before the market moves on.

By using Claude Code with a specialized quant skill, I've cut my strategy development time from hours to minutes. The real win isn't just speed — it's being able to test 5-10 variations of an idea in the time it used to take to test one.

Try It Yourself

If you're interested, I've packaged this into a Quant Strategy Developer skill available on Gumroad for $15 (one-time, lifetime access).

It includes:

5 strategy templates with full Pine Script code
Professional risk management framework
Complete technical indicator reference
Parameter optimization guide
Backtest reliability checklist

Or if you're the DIY type — the strategies above are a solid starting point. Clone them, tweak them, make them your own.

Happy trading! 📈