
Security review prompt

Use this prompt to make an agent inspect headers, secrets, cookies, route exposure and obvious production security mistakes.

Prompt
Act as a pragmatic web security reviewer for a production Next.js app.

Inspect security headers, auth boundaries, server/client separation, exposed environment variables, cookies, third-party scripts, webhook routes, admin routes, and file upload or fetch behavior.

Return only actionable findings with:
- Severity
- Evidence
- Why it matters
- Safer implementation
- Tests or commands to verify the fix

How to interpret the response

Do not paper over security findings with broad try/catch fallbacks. Prefer clear route boundaries and framework-native protections.
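The prompt asks the agent for evidence, a safer implementation and a way to verify each fix. The script below is an added example, not code from the original page or from any Next.js project: a dependency-free Node.js script that performs the mechanical part of that review against a captured response (headers and a Set-Cookie value) and the build environment, reporting each finding in the prompt's own shape. The header map, cookie string and environment map are constructed samples; `headers()` in `next.config.js`, the `poweredByHeader` option, the `NEXT_PUBLIC_` prefix behaviour and `cookies().set()` are Next.js's own, while the `<host>` and `<login route>` placeholders in the verify commands are assumptions to be filled in.

```javascript
// Added example (not from the original page): a plain Node.js audit of one
// captured response plus the build environment. All inputs are constructed.

const RANK = { high: 0, medium: 1, low: 2 };

// Headers every production page should carry, and the risk when each is absent.
const REQUIRED_HEADERS = {
  'strict-transport-security': 'a downgraded client keeps using plain HTTP',
  'content-security-policy': 'injected or third-party scripts run unrestricted',
  'x-content-type-options': 'browsers may sniff responses into executable types',
  'referrer-policy': 'full URLs, query tokens included, leak to other origins',
};

// Lower-case names the way Node's http/fetch expose them, then check presence,
// clickjacking protection and the framework banner.
function auditHeaders(headers) {
  const h = Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  const findings = [];
  for (const [name, why] of Object.entries(REQUIRED_HEADERS)) {
    if (!(name in h)) {
      findings.push({
        severity: 'medium', evidence: `response has no ${name} header`, why,
        fix: `set ${name} for every route via headers() in next.config.js`,
        verify: `curl -sI https://<host>/ | grep -i '^${name}'`,
      });
    }
  }
  const csp = h['content-security-policy'] || '';
  if (!/frame-ancestors/i.test(csp) && !('x-frame-options' in h)) {
    findings.push({
      severity: 'medium', evidence: 'no frame-ancestors directive and no X-Frame-Options header',
      why: 'pages can be embedded by other origins (clickjacking)',
      fix: "add frame-ancestors 'none' to the CSP (or X-Frame-Options: DENY)",
      verify: "curl -sI https://<host>/ | grep -iE 'frame-ancestors|x-frame-options'",
    });
  }
  // Next.js emits X-Powered-By: Next.js unless poweredByHeader is set to false.
  if ('x-powered-by' in h) {
    findings.push({
      severity: 'low', evidence: `x-powered-by: ${h['x-powered-by']}`,
      why: 'discloses the framework, which eases fingerprinting',
      fix: 'set poweredByHeader: false in next.config.js',
      verify: 'curl -sI https://<host>/ | grep -i x-powered-by  # expect no output',
    });
  }
  return findings;
}

// NEXT_PUBLIC_ values are inlined into the client bundle at build time, so a
// secret-looking name under that prefix is a leak, not a configuration choice.
const SECRET_NAME = /SECRET|PRIVATE|PASSWORD|TOKEN|API_KEY|SERVICE_ROLE/i;
function auditEnv(env) {
  return Object.keys(env)
    .filter((k) => k.startsWith('NEXT_PUBLIC_') && SECRET_NAME.test(k))
    .map((k) => ({
      severity: 'high', evidence: `${k} is a client-inlined (NEXT_PUBLIC_) variable`,
      why: 'its value is compiled into JavaScript served to every visitor',
      fix: `rename it to ${k.slice('NEXT_PUBLIC_'.length)} and read it only in server code`,
      verify: `next build && grep -rl "$${k}" .next/static  # expect no match`,
    }));
}

// Parse one Set-Cookie value and flag a cookie readable by script, sent over
// plain HTTP, or attached to cross-site requests.
function auditCookie(setCookie) {
  const [pair, ...attrs] = setCookie.split(';').map((s) => s.trim());
  const name = pair.split('=')[0];
  const flags = new Set(attrs.map((a) => a.split('=')[0].toLowerCase()));
  const sameSite = attrs.find((a) => /^samesite=/i.test(a));
  const missing = [];
  if (!flags.has('httponly')) missing.push('HttpOnly');
  if (!flags.has('secure')) missing.push('Secure');
  if (!sameSite || /=none$/i.test(sameSite)) missing.push('SameSite=Lax (or Strict)');
  if (missing.length === 0) return [];
  return [{
    severity: 'high', evidence: `Set-Cookie for "${name}" lacks ${missing.join(', ')}`,
    why: 'the session is exposed to script access, plaintext transport or cross-site requests',
    fix: `cookies().set('${name}', value, { httpOnly: true, secure: true, sameSite: 'lax', path: '/' })`,
    verify: `curl -si https://<host>/<login route> | grep -i '^set-cookie: ${name}='`,
  }];
}

// Combine all checks and order by severity so the report leads with the worst.
function runAudit({ headers, env, setCookie }) {
  return [...auditHeaders(headers), ...auditEnv(env), ...auditCookie(setCookie)]
    .sort((a, b) => RANK[a.severity] - RANK[b.severity]);
}

// Constructed sample (not a real deployment): partial CSP, framework banner,
// one leaked secret name, and a session cookie with no hardening attributes.
const SAMPLE = {
  headers: { 'content-type': 'text/html', 'x-powered-by': 'Next.js', 'content-security-policy': "default-src 'self'" },
  env: { NEXT_PUBLIC_API_URL: 'https://api.example.test', NEXT_PUBLIC_STRIPE_SECRET_KEY: 'placeholder', DATABASE_URL: 'placeholder' },
  setCookie: 'session=abc123; Path=/; SameSite=None',
};

for (const f of runAudit(SAMPLE)) {
  console.log(`[${f.severity}] ${f.evidence}\n  why: ${f.why}\n  fix: ${f.fix}\n  verify: ${f.verify}\n`);
}
```

Feed it a real response by copying the header map from `curl -sI` (or from a `fetch()` response's `headers`) and the environment from your deployment settings; the findings it prints are the raw material for the agent's report, and the `verify` lines are the commands to re-run after the fix.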