What is the best AI prompt and skills manager for Mac?

Promptzy is a free AI prompt and skills manager for macOS that stores prompts and skills as plain Markdown files. It features a global shortcut (Cmd+Shift+P) to instantly search and paste into any app, including ChatGPT, Claude, Cursor, and VS Code. With collections, tags, a full-screen editor, and iCloud Sync, it's the most feature-rich prompt and skills manager available for Mac.

How do I organize my AI prompts and skills?

Promptzy lets you organize AI prompts and skills into collections (folders), add tags for cross-cutting categories, and mark favorites for quick access. Everything is stored as Markdown files on your Mac, making them portable and readable by other tools like VS Code, Obsidian, and Cursor.

Does Promptzy work with ChatGPT, Claude, and Cursor?

Yes. Promptzy works with every AI tool — ChatGPT, Claude, Gemini, Cursor, VS Code, Copilot, Perplexity, Midjourney, and any app that accepts text input. Press Cmd+Shift+P, select a prompt or skill, and it's automatically pasted into the active app.

Yes. Promptzy is free to download and use with up to 10 prompts or skills, 10 role-based starter prompts, and 1 collection. Pro costs a one-time payment of $5 (no subscription) and unlocks unlimited prompts and skills, 20+ additional Pro prompts, dynamic tokens, per-prompt global shortcuts, and iCloud Sync.

Can I manage AI skills and custom instructions in Promptzy?

Absolutely. Promptzy manages any Markdown content — prompts, skills, custom instructions, system messages, and reusable templates. Since everything is stored as .md files, you can organize skills into dedicated collections, tag them, and paste them into AI tools just like prompts.

How is Promptzy different from other prompt managers?

Unlike most prompt managers that use proprietary formats or are locked to a browser, Promptzy stores everything as plain Markdown files on your Mac. It includes role-based onboarding with starter prompts, per-prompt global keyboard shortcuts, dynamic tokens ({{date}}, {{time}}, {{clipboard}}, custom variables), smart suggestions based on usage, import/export of .zip prompt packs, iCloud Sync, and costs just $5 one-time for Pro.

Can I sync my prompts and skills across multiple Macs?

Yes. Promptzy Pro includes bidirectional iCloud Sync. Your prompts and skills are automatically kept in sync across all your Macs through iCloud Drive, while maintaining a local copy for offline access and speed.

What file format does Promptzy use?

Promptzy stores every prompt and skill as a plain Markdown (.md) file with a simple frontmatter header for metadata like title, tags, and collections. Your content is never locked in — files work with any text editor, VS Code, Obsidian, Cursor, or other Markdown-compatible tools.

How do I paste prompts into other apps instantly?

Press Cmd+Shift+P from any app to open Promptzy's Spotlight-style launcher. Search or browse your prompts and skills, press Enter, and the selected item is automatically copied to your clipboard and pasted into the previously active app. The entire flow takes under 2 seconds.

What are dynamic tokens in Promptzy?

Dynamic tokens are placeholders you add to prompts that get replaced at paste time. Built-in tokens include {{date}}, {{time}}, and {{datetime}} with custom format support like {{date:YYYY-MM-DD}}. Pro tokens include {{clipboard}} (injects clipboard contents) and custom variables like {{name:default}} that prompt for input. They turn static prompts into reusable, context-aware templates.

Back to Blog

The Best AI Prompts for Code Review (Works with Any AI Tool)

March 20, 2026by Nav

ai prompts code reviewchatgpt code review promptclaude code reviewai code reviewdeveloper tools

AI code review is genuinely useful — but only if you tell it what to look for. "Review this code" gets you generic feedback. "Review this code for SQL injection vulnerabilities with specific line citations" gets you something you can act on.

Promptzy in action – manage AI prompts on Mac

These prompts are organized by review type. Each one is specific enough to produce actionable output, and each uses {{clipboard}} so you can paste your code and fire it in one motion.

General Code Review

1. Full Code Review

Review the following code. I want a complete review covering all dimensions:

**Bugs & Correctness:**
- Logic errors, off-by-one mistakes, null/undefined handling
- Race conditions or concurrency issues
- Incorrect assumptions about input types or ranges

**Security:**
- Injection vulnerabilities, auth gaps, secrets in code
- Input validation and sanitization
- Anything that could be exploited

**Performance:**
- Unnecessary loops or re-computation
- Database query issues (N+1, missing indexes)
- Memory allocation or leak risks

**Readability:**
- Confusing variable/function names
- Long functions that should be split
- Missing or misleading comments

**Best Practices:**
- Violation of SOLID principles or your standard patterns
- Missing error handling
- Hard-coded values that should be configurable

For each issue: file location, problem, and specific fix. Show corrected code.

Code: {{clipboard}}

2. Quick Review (Pre-Commit)

Quick review before I commit this. Flag only:
1. Bugs that would break in production
2. Security issues
3. Something a reviewer will definitely push back on

Skip style feedback. Keep it under 10 items. Be specific — show me the line.

Code: {{clipboard}}

3. Review for a Specific Language/Framework

Review this [LANGUAGE/FRAMEWORK] code. Apply the idiomatic conventions for [LANGUAGE/FRAMEWORK] specifically — don't give me generic advice.

Look for:
- Anti-patterns specific to [LANGUAGE/FRAMEWORK]
- Places where I'm not using the framework the way it's designed to be used
- Deprecated APIs or patterns I should migrate away from
- Performance gotchas specific to [LANGUAGE/FRAMEWORK]

Code: {{clipboard}}

Security-Focused Reviews

4. OWASP Top 10 Check

Review this code for OWASP Top 10 vulnerabilities:

1. Injection (SQL, command, LDAP)
2. Broken authentication
3. Sensitive data exposure (keys, PII in logs)
4. XML external entities
5. Broken access control
6. Security misconfiguration
7. Cross-site scripting (XSS)
8. Insecure deserialization
9. Using components with known vulnerabilities
10. Insufficient logging and monitoring

For each: Is it present? If yes — severity (Critical/High/Medium/Low), location, and fix.

Code: {{clipboard}}

5. Authentication & Authorization Audit

Audit this code specifically for authentication and authorization issues.

Check:
- Are authentication checks present before protected resources?
- Is authorization checked at the right level (not just UI)?
- Are session tokens handled securely (storage, expiry, invalidation)?
- Is there any privilege escalation possible?
- Are there missing rate limits on auth endpoints?
- Any hardcoded credentials or API keys?

Show me every place where a user could access something they shouldn't.

Code: {{clipboard}}

6. Input Validation Review

Review all input validation in this code.

For every place user input enters the system:
- Is it validated before processing?
- Is the validation specific enough (not just "not null")?
- Is it sanitized before being stored or rendered?
- Could any input bypass the validation?

Also flag: places where input goes into a query, shell command, or file path without validation.

Code: {{clipboard}}

Performance Reviews

7. Algorithm & Complexity Review

Review this code for algorithmic complexity issues.

For each function:
- What's the time complexity? Is it appropriate for the expected input size?
- Are there O(n²) or worse loops that could be reduced?
- Are there repeated lookups into a list/array that should be a set/dict?
- Any recursion that could blow the stack on large inputs?

Show the optimized version for each issue you find.

Code: {{clipboard}}

8. Database Query Review

Review this code for database query issues.

Check for:
- N+1 queries (loading a collection, then querying for each item)
- Missing eager loading (joins that should be included)
- Queries inside loops
- Queries selecting more columns than needed (SELECT *)
- Missing query result limits
- Missing indexes on likely query patterns (infer from the WHERE clauses)

For each issue: show the query, the problem, and the fix.

Code: {{clipboard}}

9. Memory & Resource Review

Review this code for memory and resource issues.

Look for:
- Memory leaks (event listeners not removed, closures holding references, caches without eviction)
- Large objects unnecessarily held in scope
- Resources not closed (files, connections, streams)
- Repeated object creation that could be reused
- Unnecessary data copying

Code: {{clipboard}}

Readability & Maintainability

10. Naming & Clarity Review

Review this code for naming and clarity issues.

Flag:
- Variable or function names that don't describe what they do
- Boolean variables that aren't named as questions (e.g., `active` should be `isActive`)
- Functions that do more than one thing (name is a clue — if you need "and" to describe it, split it)
- Magic numbers or strings that should be named constants
- Comments that just repeat what the code says vs. comments that explain why

Suggest better names. Don't rewrite logic.

Code: {{clipboard}}

11. Function Size & Complexity Review

Review this code for function size and cyclomatic complexity issues.

Flag:
- Functions over 30-40 lines
- Functions with more than 3-4 levels of nesting
- Functions that do clearly distinct things (refactor candidates)
- Switch/if-else chains that could be replaced with a lookup table or strategy pattern

For each: suggest how to break it up and what each extracted function should be named.

Code: {{clipboard}}

12. Comment Quality Review

Review the comments in this code.

Flag:
- Comments that state the obvious ("// increment i")
- Outdated comments that don't match the current code
- Missing comments on non-obvious logic
- TODOs that have been there long enough to be tech debt
- Functions/classes with no docstring/JSDoc that should have one

Suggest better comments for the flagged sections.

Code: {{clipboard}}

Test Coverage Reviews

13. Test Coverage Gap Analysis

Review these tests and identify coverage gaps.

What's missing:
- Happy path cases not covered
- Boundary conditions not tested (empty, zero, max, overflow)
- Error and exception paths not tested
- Async failure cases
- Integration points not tested
- Edge cases specific to the business logic

For each gap: suggest a specific test case (not just "add more tests").

Tests: {{clipboard}}

14. Test Quality Review

Review these tests for quality issues.

Flag:
- Tests that test implementation rather than behavior
- Tests with hardcoded data that should use factories or fixtures
- Tests that are too broad (testing 3 things at once)
- Assertions that are too weak (not asserting enough)
- Tests that will fail intermittently (timing, ordering dependencies)
- Tests that never actually test the failure case

Rewrite one example test that has the most issues.

Tests: {{clipboard}}

Architecture & Design Reviews

15. SOLID Principles Review

Review this code for SOLID principle violations.

Check each principle:
- **S** (Single Responsibility): Does each class/function do one thing?
- **O** (Open/Closed): Can you extend behavior without modifying existing code?
- **L** (Liskov Substitution): Are subclasses substitutable for their base?
- **I** (Interface Segregation): Are interfaces lean (not forcing unnecessary implementations)?
- **D** (Dependency Inversion): Are high-level modules depending on abstractions?

For each violation: location, which principle, why it's a problem, and a refactoring suggestion.

Code: {{clipboard}}

16. Coupling & Cohesion Review

Review this code for coupling and cohesion issues.

Look for:
- Tight coupling between modules (direct references to concrete implementations)
- God objects (classes that know too much about too many things)
- Feature envy (functions more interested in another class's data)
- Shotgun surgery risk (one change requires edits in many files)
- Low cohesion (module doing unrelated things)

For each issue: explain the problem and suggest a refactoring approach.

Code: {{clipboard}}

PR & Commit-Level Reviews

17. PR Summary Generator

Based on this diff / list of changes, write a PR description:

{{clipboard}}

Include:
- What this PR does (1-2 sentences)
- Why this change was needed
- How to test it
- Any breaking changes or migration steps
- What reviewers should focus on

Under 300 words. Useful for the reviewer, not just a changelog.

18. Breaking Change Detector

Review this diff/code change and identify any breaking changes.

A breaking change is any change that:
- Changes the public API surface (renamed/removed/retyped parameters)
- Changes the expected return type or shape
- Removes or renames a database column/table
- Changes an event name or payload
- Changes default behavior in a way callers depend on

For each breaking change: what it is, who it breaks, and how to make it backward-compatible.

Code/diff: {{clipboard}}

19. Commit Message Quality Check

Review these commit messages for quality:

{{clipboard}}

Flag messages that:
- Are too vague ("fix bug", "update code", "changes")
- Mix unrelated changes
- Don't explain why the change was made
- Are in the wrong tense (use imperative: "Add" not "Added")

Rewrite the worst 2-3 messages as examples of good commit messages.

Getting the Most From AI Code Review

A few patterns that improve output quality:

Give context. "This is a public API handler" vs. "this is an internal utility" changes what the AI flags. Context matters.

Ask for line numbers. If the AI gives vague feedback, follow up: "Give me the specific line number and exact fix."

Iterate. "Fix the SQL injection issue and show me the corrected version" produces better results than reading suggestions and fixing yourself.

Set severity. "Flag only Critical and High issues" is useful for time-constrained reviews. "Flag everything including style" is useful for thorough reviews.

Save These as a Promptzy Collection

Code review prompts are worth saving because they're long and structured — rewriting them mid-review breaks your flow. Promptzy stores each as a Markdown file on your Mac. Copy your code, press Cmd+Shift+P, type "security review" or "pr summary," and the prompt pastes with {{clipboard}} auto-filled. Under 2 seconds. $5 once.

All prompts work with ChatGPT, Claude, Gemini, GitHub Copilot, or any AI tool.

Store and manage your prompts with Promptzy

Free prompt manager for Mac. Search with Cmd+Shift+P, auto-paste into any AI app.

Download Free for macOS