Inference Recon
AI helped you build it.
The least it can do is help you secure it.
Not sure if you should trust a prompt from the internet? Drop it into your AI first and ask "is this safe to run on my code?" — the full text is right below.
How to use it
Your AI will ask for permission before it reads your files. That's expected — it's asking to view your code, nothing else. Approve it to continue.
What you get
Every finding includes the file and line number, a plain-English explanation of what's wrong, how an attacker would use it, and a specific fix.
Paste any finding back into your AI and say "fix this" — same tool, same window. You already know how to do this.
Which model?
Start with Haiku. Upgrade when the stakes are higher.
After the scan
A code scan can only see what's in your files. Your domain, accounts, infrastructure, and provider security are a separate surface this scan cannot see.
The Human Guide covers everything else. Most items take under 15 minutes.
Open the Human Guide →
When you're done fixing
Run the wrap-up prompt. Your AI will check which findings were addressed, flag false positives, and generate a structured feedback block for you to submit. Nothing to fill in — your AI does it.
Open the wrap-up prompt →
A note on trust
Fix what it finds and you'll be meaningfully more secure than when you started. The patterns it looks for are the ones that actually get apps breached. It won't catch everything — no tool does — but it's a real starting point, not a checkbox.