Quick Start
Get a Manicode code security prompt running in your workflow in minutes.
Step 1: Find Your Prompt
Browse the Prompt Library (328 code security prompts) or the Skills Library (267 skills with structured metadata). Each targets a specific framework.
| If you work with... | Look for... |
|---|---|
| Node.js / Express / Fastify | Node.js code security prompt or skill |
| Python / Django / Flask / FastAPI | Python code security prompt or skill |
| Java / Spring Boot | Java code security prompt or skill |
| Go | Go code security prompt or skill |
| React / Next.js | React or Next.js code security prompt or skill |
| .NET / ASP.NET Core | .NET code security prompt or skill |
| Ruby on Rails | Ruby on Rails code security prompt or skill |
| Rust | Rust code security prompt or skill |
Step 2: Choose Your Deployment Method
Pick the method that matches how you work.
Option A: Paste into a Web Chat Interface
The simplest approach. Open your preferred AI chat interface and paste the prompt into the system instructions.
ChatGPT:
- Create a new Project in ChatGPT
- Paste the prompt into the Project instructions
- All conversations in that project will enforce the security rules
Claude:
- Create a new Project on claude.ai
- Paste the prompt into the project instructions
- All conversations in that project use the security prompt
Google AI Studio:
- Create a new prompt in AI Studio
- Paste the prompt into the System Instructions field
See Web Chat Interfaces for detailed setup instructions.
Option B: Add to Your IDE
Most AI-powered IDEs support project-level custom instructions. Create the appropriate config file in your repository root:
| IDE / Tool | File to create |
|---|---|
| GitHub Copilot | .github/copilot-instructions.md |
| Cursor | .cursor/rules/security.mdc |
| Windsurf | .windsurfrules |
| JetBrains AI | .junie/guidelines.md |
| Cline / Roo Code | .clinerules |
| Amazon Q Developer | .amazonq/rules/security.md |
Paste the full prompt or SKILL.md content into the file and commit it. Every developer on the team gets the security rules automatically.
See IDE Integrations for detailed setup per tool.
Option C: Configure Your Coding Agent
AI coding agents that operate autonomously benefit the most from security prompts, since they make decisions and write code without constant human oversight.
| Agent | File to create |
|---|---|
| Claude Code | CLAUDE.md |
| OpenAI Codex | AGENTS.md |
| Aider | CONVENTIONS.md |
| Windsurf Cascade | .windsurfrules |
| Cursor Agent | .cursor/rules/security.mdc |
| Amazon Q CLI | .amazonq/rules/security.md |
Paste the full prompt or SKILL.md content into the file and commit it.
See AI Coding Agents for detailed setup per agent.
Option D: Call via API
For automated workflows, CI/CD pipelines, or custom tooling, pass the prompt as the system message in an API call.
OpenAI:
from openai import OpenAI
client = OpenAI()
with open("prompts/node-security.md") as f:
security_prompt = f.read()
response = client.chat.completions.create(
model="gpt-4o",
messages=[
{"role": "system", "content": security_prompt},
{"role": "user", "content": "Write an Express.js login endpoint"}
]
)
Anthropic:
import anthropic
client = anthropic.Anthropic()
with open("prompts/python-security.md") as f:
security_prompt = f.read()
message = client.messages.create(
model="claude-sonnet-4-6",
max_tokens=4096,
system=security_prompt,
messages=[
{"role": "user", "content": "Write a Django authentication view"}
]
)
Google Gemini:
from google import genai
client = genai.Client()
with open("prompts/java-security.md") as f:
security_prompt = f.read()
response = client.models.generate_content(
model="gemini-2.0-flash",
config=genai.types.GenerateContentConfig(
system_instruction=security_prompt
),
contents="Write a Spring Boot REST controller with authentication"
)
See API and Programmatic Usage for more examples including OpenRouter, dynamic prompt selection, and CI/CD integration.
Step 3: Verify It Works
Test the prompt by asking the AI to generate code that typically has security implications:
- "Write a login endpoint" — should include password hashing, rate limiting, and secure session handling
- "Write a file upload handler" — should include file type validation, size limits, and path traversal prevention
- "Write a database query" — should use parameterized queries, not string concatenation
If the generated code includes security controls unprompted, the prompt is working.
Next Steps
- Prompt Library — Browse all 328 code security prompts
- Skills Library — 267 skills with structured metadata and router discovery
- Team and Enterprise Deployment — Scale prompts across your organization
- Prompt Delivery — How Manicode delivers updates to your repo
Limitations
- Prompts influence but do not guarantee model behavior. LLMs are non-deterministic — the same prompt and input can produce different outputs across runs.
- Security prompts reduce but do not eliminate insecure code generation. Always review LLM output before using it in production.
- Prompts do not replace static analysis (SAST), dynamic testing (DAST), dependency scanning, or manual code review.