The Best AI Prompts for Code Review (Works with Any AI Tool)
The quality of AI code reviews hinges primarily on prompt design rather than the underlying model. Generic requests yield shallow feedback, whereas targeted prompts focused on specific concerns—security, performance, naming conventions—produce actionable insights that catch real issues.
These prompts function across ChatGPT, Claude, Copilot Chat, and Gemini. Rather than rewriting identical prompts for each pull request, you can save them for reuse. The author has employed similar versions for approximately one year and reports they've identified genuine bugs.
General Code Review
1. Comprehensive Review
Review the following code for: (1) bugs and logic errors, (2) security vulnerabilities,
(3) performance issues, (4) readability and naming. For each issue, point to the specific
line or section and suggest a concrete fix.
{{clipboard}}
2. Quick Scan
I'm going to paste some code. Without going deep, tell me the 3-5 things that stand
out most as potential problems. Don't give me an essay — just flag what catches
your eye.
{{clipboard}}
3. Senior Engineer Review
Review this code as a senior engineer doing a real code review. Be direct and specific.
Point out what's genuinely wrong, what's debatable, and what's fine. If something is
subjective, say so. Don't pad the response with praise.
{{clipboard}}
4. Junior Developer Focused Review
Review this code in a way that helps a junior developer learn. Explain not just what
to change but why it matters. Balance encouragement with honesty — point out what's
done well alongside what needs improvement.
{{clipboard}}
Security Review
These prompts apply to code handling user input, authentication, or sensitive information.
5. Security Audit
Audit this code for security vulnerabilities. Check for: SQL injection, XSS, CSRF,
insecure deserialization, broken authentication, improper input validation, hardcoded
secrets, and any OWASP Top 10 concerns. Explain each issue and how to fix it.
{{clipboard}}
6. Authentication and Authorization Review
Review this code specifically for authentication and authorisation issues. Are
permissions checked correctly? Are there any privilege escalation paths? Is session
handling secure? Is user input trusted when it shouldn't be?
{{clipboard}}
7. Data Handling Security
Review how this code handles sensitive data. Is it encrypted at rest and in transit?
Is it logged anywhere it shouldn't be? Are there any places where sensitive data could
be exposed in errors or responses?
{{clipboard}}
8. Input Validation Review
Review the input validation in this code. Is all user input validated and sanitised
before use? Are there any paths where unvalidated input reaches a database, shell
command, or file system?
{{clipboard}}
Performance Review
9. Performance Analysis
Analyse this code for performance issues. Identify: expensive operations that could
be cached, unnecessary iterations or nested loops, N+1 query patterns, blocking
operations, and memory inefficiencies. Suggest specific improvements.
{{clipboard}}
10. Database Query Review
Review these database queries for performance. Check for: missing indexes, N+1 patterns,
unnecessary data fetching, missing query limits, and any queries that will degrade at
scale.
{{clipboard}}
11. Memory Usage Review
Review this code for memory issues. Look for: memory leaks, large in-memory data
structures that could be streamed, unnecessary object creation in hot paths, and
anything that could cause issues under load.
{{clipboard}}
Readability and Maintainability
12. Naming and Clarity Review
Review the naming in this code — variables, functions, classes, and modules. Is
everything named clearly enough that someone new could understand the intent? Suggest
specific renames for anything that's ambiguous or misleading.
{{clipboard}}
13. Complexity and Simplification
Where is this code more complex than it needs to be? Identify over-engineering,
unnecessary abstractions, convoluted logic that could be simplified, and any "clever"
code that should be made boring instead.
{{clipboard}}
14. Maintainability Review
Review this code from the perspective of long-term maintenance. Is it readable to a
new developer? Is the logic well-encapsulated? Are dependencies clear? What would make
this harder to change in 6 months?
{{clipboard}}
15. Code Smell Identification
Identify code smells in this code: long functions doing too many things, deep nesting,
repeated logic, magic numbers, poor separation of concerns, and anything that violates
single responsibility. Don't fix them — just name them and explain why they're a
problem.
{{clipboard}}
Architecture and Design
16. API Design Review
Review this API design. Evaluate: naming conventions, RESTful principles (if applicable),
error handling approach, response structure consistency, versioning considerations, and
developer experience. Suggest specific improvements.
{{clipboard}}
17. Function Design Review
Review the design of this function. Does it do one thing? Is the interface clean?
Are the parameters sensible? Should it be split up? Is the return type appropriate?
{{clipboard}}
18. Error Handling Review
Review the error handling in this code. Are all error cases handled? Are errors
propagated correctly? Are error messages useful for debugging? Is there anything that
fails silently or swallows errors?
{{clipboard}}
19. Dependency and Coupling Review
Review the dependencies and coupling in this code. Are there tight couplings that
would make testing or replacing components difficult? Are there any circular
dependencies? Could the architecture be improved for testability?
{{clipboard}}
Testing
20. Test Quality Review
Review these tests. Do they actually test the right things? Are there edge cases
missing? Are the tests too brittle (testing implementation details instead of
behaviour)? Are the assertions meaningful?
{{clipboard}}
21. Test Coverage Gaps
Here's the production code and the tests for it. What's not covered by the tests?
What edge cases, error paths, or scenarios are missing? List them specifically.
Code: {{clipboard}}
22. Test Setup and Teardown Review
Review the test setup and teardown in this file. Are tests isolated from each other?
Are mocks set up correctly? Could any tests interfere with others? Is the test data
setup realistic?
{{clipboard}}
Pull Request Review
23. PR Diff Review
I'm reviewing this pull request. Go through the diff and check for: (1) logic
correctness, (2) edge cases not handled, (3) test coverage gaps, (4) anything that
could break existing behaviour, (5) naming or style issues. Be specific about file
and line references where possible.
{{clipboard}}
24. PR Description Review
Review this PR description. Is it clear what problem is being solved? Is the approach
explained? Are there testing instructions? Are there any risks or edge cases the
reviewer should know about?
{{clipboard}}
25. PR Summary for Non-Technical Stakeholders
Summarise this pull request in plain English for a non-technical stakeholder. What
problem does it solve? What changed? Is there any risk? What should they know about
it?
{{clipboard}}
Using These Prompts Effectively
Pick the Right AI Tool
Different models excel at different aspects of code review. There are specialized guides for ChatGPT and Claude specifically optimized for developer workflows.
Be Specific About Review Scope
Broad requests like "review this code" produce shallow assessments. Targeted prompts addressing particular concerns — "specifically for security" — yield focused, useful feedback. Match the prompt to your review objective.
Include Necessary Context
Provide relevant code sections rather than entire files. When code interacts with database schemas or external APIs, include those details too.
Leverage the {{clipboard}} Pattern
Copy code first, then execute the prompt. The clipboard automatically injects content, accelerating the workflow compared to manual copy-paste operations.
Run Focused Multiple Reviews
Security and performance reviews identify different issues. Execute multiple specialized reviews on critical code rather than attempting comprehensive coverage in one prompt.
If you're doing regular AI-assisted code reviews, keeping these prompts accessible saves real time. Promptzy stores them as Markdown files and pastes them into Copilot Chat, Claude, or ChatGPT in under two seconds — no hunting for templates mid-review. The {{clipboard}} token handles the code injection automatically.
Originally published at promptzy.app/blog
Top comments (0)