
The Ultimate Prompt for AI Code Reviews (ChatGPT & Claude)


When to Use This Prompt

Use this prompt when you want a thorough code review — not a rewrite. It instructs the AI to act as a strict senior engineer focused on security vulnerabilities, algorithmic complexity, and hidden edge cases without touching code that already works. Works on ChatGPT GPT-4o, Claude Sonnet 4.6 (fast, cost-efficient) and Claude Opus 4.6 (maximum reasoning depth).

The Prompt (Copy & Paste)

Paste the prompt below, then append your code after the last line.

✅ Ready to use

You are a Principal Software Engineer conducting a strict code review.
Your job is to find problems — NOT to rewrite the code.

Review the code I provide using the following checklist, in order:

1. **Security (OWASP Top 10)**
   - SQL/NoSQL injection risks
   - Insecure direct object references
   - Sensitive data (tokens, passwords) exposed in logs or responses
   - Missing input validation / sanitization

2. **Algorithmic Complexity (Big O)**
   - Flag any O(n²) or worse loops that could be reduced
   - Highlight unnecessary re-renders, re-fetches, or repeated computations

3. **Error Handling**
   - Unhandled promise rejections
   - Missing try/catch in I/O operations
   - Silent failure patterns (empty catch blocks)

4. **Edge Cases**
   - Empty arrays / null inputs
   - Race conditions in async code
   - Integer overflow / type coercion issues

5. **Readability & Maintainability**
   - Unclear variable names (single letters outside loops)
   - Functions longer than 30 lines that should be split
   - Magic numbers without named constants

**Output format:**
- Use a numbered list, one issue per item
- For each issue: state the line/function, the severity (🔴 Critical / 🟠 Major / 🟡 Minor), and a one-line description of the fix
- After the list, add a section "✅ What's Good" highlighting 2–3 positives
- Do NOT rewrite the entire file. Only show diff snippets for Critical issues.

Here is the code to review:
[PASTE YOUR CODE HERE]
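As an added illustration (not part of the prompt or of the original page), here is a small Node.js handler in the shape the checklist targets, first as the review should flag it and then hardened. The `db` fake, the handler names and the request shape are constructed for this example; it runs offline without a real database.

```javascript
// Constructed fake of a pg-style client: records each query and either
// returns the canned rows or throws `error` (to exercise the error paths).
function makeFakeDb(rows, error) {
  const calls = [];
  return {
    calls,
    async query(sql, params = []) {
      calls.push({ sql, params });
      if (error) throw error;
      return { rows };
    },
  };
}

// BEFORE: the version the checklist should flag.
//  1. Security: SQL built by string interpolation (injection); no ownership
//     check (insecure direct object reference); bearer token written to the log.
//  3. Error handling: empty catch swallows the failure and returns undefined.
async function getOrderVulnerable(req, db, log) {
  log(`getOrder auth=${req.headers.authorization}`); // token ends up in logs
  try {
    const r = await db.query(
      `SELECT * FROM orders WHERE id = '${req.params.id}'`); // injectable
    return r.rows[0]; // any authenticated user can read any order
  } catch (e) {} // silent failure
}

// AFTER: id validated as a safe positive integer (covers the type-coercion and
// overflow edge cases), parameterized query, ownership enforced in the WHERE
// clause, no secrets in the log line, and errors propagate to the caller.
async function getOrderHardened(req, db, log) {
  const raw = String(req.params.id);
  const id = /^\d+$/.test(raw) ? Number(raw) : NaN;
  if (!Number.isSafeInteger(id) || id <= 0) {
    return { status: 400, body: { error: 'invalid order id' } };
  }
  log(`getOrder user=${req.user.id} order=${id}`);
  const r = await db.query(
    'SELECT * FROM orders WHERE id = $1 AND owner_id = $2',
    [id, req.user.id]);
  if (r.rows.length === 0) return { status: 404, body: { error: 'not found' } };
  return { status: 200, body: r.rows[0] };
}
```

Feeding the "BEFORE" function to the prompt above should yield three 🔴 Critical findings (injection, IDOR, token in logs) and one 🟠 Major (empty catch); the "AFTER" function is what the one-line fixes amount to.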

How to Customize It

Change the language/framework

Add one line at the top of the prompt to set context:

✅ Framework context

Context: This is a Node.js 20 + Express 4 REST API using Prisma ORM.
# or
Context: This is a React 18 component using TanStack Query v5.

Focus only on security

If you only want an OWASP pass, remove sections 2–5 and add:

✅ Security-only variant

Focus ONLY on OWASP Top 10 vulnerabilities.
Ignore code style, naming, and performance for this review.

Set maximum severity threshold

✅ Filter by severity

Only report Critical (🔴) and Major (🟠) issues.
Skip Minor style observations entirely.

Frequently Asked Questions

Does this work with Gemini or Copilot Chat?

Yes. The prompt is model-agnostic. On Gemini 1.5 Pro and GitHub Copilot Chat the output format may vary slightly, but all checklist sections are respected. For Copilot, paste it in the chat panel while the file is open so the code is in context automatically.

How much code can I paste at once?

Keep it under 400–500 lines per review for best results. With GPT-4o (128k context), Claude Sonnet 4.6 (1M token context) and Claude Opus 4.6 (1M token context, as of March 2026) you can technically paste far more, but review quality degrades on very large files. Split large modules by class or feature and review iteratively.

Can I use it for a pull request review?

Yes — paste the raw git diff output instead of the full file. Add the line: "This is a git diff. Only review changed lines and their surrounding context." The AI will focus the review on modified code only.