@anshumanbh
Created July 9, 2025 22:44
Gist: anshumanbh/c0afb48f58e230c5d9a7ee318f9dc98a
A simple design review prompt

```python
# Prompt for an LLM-driven security design review of a technical specification.
DESIGN_REVIEW_QUERY = """As a security expert, analyze the provided technical specification and perform the following steps in order:

STEP 1: Component Identification
Carefully identify and list:

1. All NEW components, services, or systems being introduced
2. All EXISTING components that are being modified or changed

For each identified component, briefly describe:

- Its purpose and functionality
- How it interacts with other components
- What data it processes or stores

STEP 2: Security Analysis
For each NEW component identified in Step 1, analyze:

- Authentication mechanisms: How users/systems are authenticated
- Authorization controls: How permissions are enforced
- Encryption in transit: How data is protected during transmission
- Encryption at rest: How stored data is protected
- Input validation: How user input is validated and sanitized
- Observability: Logging, monitoring, and alerting capabilities

For each MODIFIED component identified in Step 1, analyze:

- What specific changes are being made
- Whether these changes introduce new security considerations
- Whether existing security controls are being altered or might be bypassed

STEP 3: Security Concerns
Based on your analysis in Step 2:

- List any security concerns that require immediate attention
- Identify any missing security information that should be clarified
- Suggest specific follow-up questions or recommendations

Output your analysis in the following JSON structure:
{
  "new_components": [
    {
      "name": "",
      "description": "",
      "security_analysis": {
        "authentication": "<analysis or 'Not applicable'>",
        "authorization": "<analysis or 'Not applicable'>",
        "encryption_transit": "<analysis or 'Not applicable'>",
        "encryption_rest": "<analysis or 'Not applicable'>",
        "input_validation": "<analysis or 'Not applicable'>",
        "observability": "<analysis or 'Not applicable'>"
      },
      "concerns": ["<concern 1>", "<concern 2>", "..."]
    }
  ],
  "modified_components": [
    {
      "name": "",
      "description": "",
      "changes": ["<change 1>", "<change 2>", "..."],
      "security_implications": ["<implication 1>", "<implication 2>", "..."],
      "concerns": ["<concern 1>", "<concern 2>", "..."]
    }
  ],
  "missing_information": ["<missing info 1>", "<missing info 2>", "..."],
  "follow_up_questions": ["<question 1>", "<question 2>", "..."]
}
"""
```
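As an added example (not part of the gist), here is a small Python module that checks a model's reply to DESIGN_REVIEW_QUERY before anyone acts on it. The specification fed to the model is untrusted text, and so is the reply: it may wrap the JSON in code fences or chatter, leave fields blank, or mark every control "Not applicable" for a component it skipped. The code extracts the JSON, checks it against the structure the prompt asks for, and pulls out what a human reviewer should read first. The component names, field contents and SAMPLE_REPLY are constructed for illustration, not real model output.

```python
import json
import re

# The six controls the prompt asks for under "security_analysis".
ANALYSIS_FIELDS = (
    "authentication", "authorization", "encryption_transit",
    "encryption_rest", "input_validation", "observability",
)
TOP_LEVEL_LISTS = ("new_components", "modified_components",
                   "missing_information", "follow_up_questions")


def extract_json(reply: str) -> dict:
    """Pull the JSON object out of a reply that may wrap it in code fences or prose."""
    fenced = re.search(r"`{3}(?:json)?\s*(\{.*\})\s*`{3}", reply, re.S)
    if fenced:
        return json.loads(fenced.group(1))
    start, end = reply.find("{"), reply.rfind("}")
    if start == -1 or end == -1:
        raise ValueError("no JSON object found in reply")
    return json.loads(reply[start:end + 1])


def validate_review(review: dict) -> list[str]:
    """Return schema problems; an empty list means the reply matches the prompt's structure."""
    problems = []
    for key in TOP_LEVEL_LISTS:
        if not isinstance(review.get(key), list):
            problems.append(f"top-level '{key}' missing or not a list")
    for comp in review.get("new_components", []):
        name = comp.get("name") or "<unnamed>"
        analysis = comp.get("security_analysis")
        if not isinstance(analysis, dict):
            problems.append(f"{name}: security_analysis missing")
            continue
        for field in ANALYSIS_FIELDS:
            if not str(analysis.get(field, "")).strip():
                problems.append(f"{name}: security_analysis.{field} is empty")
    for comp in review.get("modified_components", []):
        name = comp.get("name") or "<unnamed>"
        for key in ("changes", "security_implications", "concerns"):
            if not isinstance(comp.get(key), list):
                problems.append(f"{name}: '{key}' missing or not a list")
    return problems


def triage(review: dict) -> dict:
    """Collect what a human reviewer should read first."""
    def punted(comp: dict) -> bool:
        # Every control "Not applicable" usually means the model skipped the
        # component, not that the component has no attack surface.
        analysis = comp.get("security_analysis", {})
        return all(str(analysis.get(f, "")).strip().lower() == "not applicable"
                   for f in ANALYSIS_FIELDS)

    new = review.get("new_components", [])
    modified = review.get("modified_components", [])
    return {
        "all_not_applicable": [c.get("name", "<unnamed>") for c in new if punted(c)],
        "concerns": [(c.get("name", "<unnamed>"), text)
                     for c in new + modified for text in c.get("concerns", [])],
        "missing_information": review.get("missing_information", []),
        "follow_up_questions": review.get("follow_up_questions", []),
    }


FENCE = "`" * 3  # built at runtime so this example contains no literal fence

# Constructed sample reply (not real model output): chatter around the JSON,
# one blank field, and one component where every control is "Not applicable".
SAMPLE_REPLY = "Here is the analysis:\n" + FENCE + "json\n" + json.dumps({
    "new_components": [
        {
            "name": "webhook-receiver",
            "description": "Accepts order-status callbacks from a payment provider",
            "security_analysis": {
                "authentication": "HMAC signature over the request body",
                "authorization": "Not applicable",
                "encryption_transit": "TLS 1.2 or later",
                "encryption_rest": "Not applicable",
                "input_validation": "",
                "observability": "Request logs shipped to the central SIEM",
            },
            "concerns": ["Shared HMAC secret has no rotation plan"],
        },
        {
            "name": "report-cache",
            "description": "In-memory cache of generated reports",
            "security_analysis": {f: "Not applicable" for f in ANALYSIS_FIELDS},
            "concerns": [],
        },
    ],
    "modified_components": [
        {
            "name": "orders-api",
            "description": "Now accepts status updates that originate from webhooks",
            "changes": ["New internal endpoint for webhook-sourced updates"],
            "security_implications": ["New write path into the orders table"],
            "concerns": ["Endpoint trusts the caller's order id without an ownership check"],
        }
    ],
    "missing_information": ["Where the HMAC secret is stored and who can read it"],
    "follow_up_questions": ["Is replay protection (timestamp or nonce) required?"],
}, indent=2) + "\n" + FENCE + "\nLet me know if you want more detail."
```

Run `validate_review(extract_json(SAMPLE_REPLY))` on the constructed reply and it reports the one blank `input_validation` field; `triage(...)` then flags `report-cache` as a component the model answered with nothing but "Not applicable" and lists the two concerns and the open questions for a human to follow up. A reply that fails `validate_review` should be sent back to the model or discarded rather than filed as a finished review.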
