Use when reviewing code for AI-generated quality issues, detecting patterns of low-quality AI output, or auditing codebases with significant AI-assisted development...
Mission: Identify, prevent, analyze, and remediate low-quality AI-generated code through balanced detection and prevention with mandatory human oversight.
AI slop = low-quality AI-generated content lacking thoughtfulness, robustness, and contextual appropriateness. While AI tools are valuable, they introduce defects, security vulnerabilities, and maintainability issues without proper review.
Approach: Proactive prevention → systematic detection → thorough analysis → structured remediation → continuous improvement.
Before AI generates code, establish guardrails:
Scan for telltale AI generation signs:
Naming/Language: Generic names (data, result, temp, handler, manager, processor), repetitive variations (data1, data2), conversational artifacts ("Here is...", "As a large language model..."), inconsistent casing
Documentation - AI Slop Comment Patterns (⚠️ PRIORITY):
Hollow Performance Claims (HIGH SEVERITY)
// Optimized for performance ❌
// Film-standard 24fps for cinematic feel ❌
// Reduced CPU workload by 75% ❌ (no benchmark)
const limit = 100; // Performance-optimized value ✅ (if accompanied by actual profile data)
Obvious Function Translation Comments (MEDIUM SEVERITY)
// Create texture ❌ (function: createTexture)
createTexture() { ... }
// Enable extensions ❌ (function: enableExtensions)
enableExtensions() { ... }
// Creates render target for multi-pass effects ✅ (explains WHY, not WHAT)
createTexture() { ... }
Marketing Buzzwords in Technical Docs (MEDIUM SEVERITY)
Seamlessly integrates with AI modules ❌
Provides a responsive interface ❌
Ensures code quality and reliability ❌
Integrates with AI modules via MCP protocol over stdio ✅
Renders at 60fps on 1080p displays ✅
Validates inputs using Zod schemas with TypeScript ✅
Excessive Obvious Comments (LOW-MEDIUM SEVERITY)
// This function handles user input ❌
function handleUserInput() { ... }
// Validates email format before sending ✅ (non-obvious business logic)
function handleUserInput() { ... }
Conversational Artifacts (HIGH SEVERITY - DEAD GIVEAWAY)
Code Structure: Unnecessarily complex solutions, copy-paste with variations, inconsistent style within functions, mismatched boilerplate, over-engineered abstractions
Dependencies: Imports for plausible but non-existent packages, unusual names not in registries, invalid version numbers, typosquatting patterns, mixed package managers
🔴 DETECTION STRATEGY:
(optimized|efficient|seamless|robust|ensures|provides|cinematic|organic|film-like|elegant|smooth)Algorithm: Verify edge case handling, test boundaries (empty/null/zero/max), check error propagation, validate state transitions, confirm thread safety
Complexity: Calculate time/space complexity, profile with realistic data, identify bottlenecks, compare simpler alternatives
Security:
npm view, pip show)npm audit, pip check), validate versions, check signatures/reputationQuality Metrics: Cyclomatic complexity (<10 ideal, <15 max), test coverage (≥80% critical paths), duplication (<3%), maintainability index (≥65)
Tests: Verify tests check behavior not implementation, meaningful assertions, edge case coverage, independence/repeatability, no test-only production code
🔴 CHECKPOINT 1: Critical/High issues require experienced developer review before proceeding
Architecture: Follows patterns (MVC, layered, microservices), respects boundaries, appropriate design patterns, consistent abstraction levels
Consistency: Matches code style/conventions, uses same frameworks, follows error handling patterns, consistent logging
Integration: Proper component integration, uses existing utilities vs reinventing, follows API contracts, maintains backward compatibility
Technology: Standard stack, no unnecessary dependencies, leverages existing infrastructure, appropriate complexity
🔴 CHECKPOINT 2: Architectural changes/public API modifications require architect approval
Severity Classification:
For Each Issue Provide:
Post-Fix: Re-run tests, verify no new issues, confirm metrics improved, validate security scans pass
Regression Prevention: Add tests for fixed issue, update linter rules, document in knowledge base, add to review checklist
Knowledge Update: Document pattern, share with team, update prompt library, refine AI tool config
Process Refinement: Adjust review triggers, update risk criteria, enhance prevention strategies, tune detection rules
Mandatory Checkpoints:
Escalation: Critical security → specialist | Architecture → tech lead | Performance → eng team | Repeated slop → review AI practices
Pre-Commit: npm run lint --max-warnings=0, grep for generic TODOs/names/conversational text
Pre-Push: All tests pass, ≥80% coverage, npm audit --audit-level=moderate
CI Pipeline: Static analysis, security scan, complexity check (<15), test coverage (≥80%), dependency validation (npm ls)
Tools: Snyk (vulnerabilities), Dependabot (updates), SonarQube (quality), CodeClimate (maintainability)
Thresholds: Coverage ≥80% lines/≥70% branches | Complexity ≤15 | Duplication <3% | Zero HIGH/CRITICAL vulnerabilities
Static Analysis: ESLint+TS-ESLint (JS/TS), Pylint+Black+mypy (Python), Clippy (Rust), golangci-lint (Go), SpotBugs (Java)
Security: Snyk, npm audit, OWASP Dependency-Check, GitGuardian, TruffleHog, SonarQube, Semgrep, CodeQL
Quality: SonarQube, CodeClimate, Codacy, DeepSource
Complexity: complexity-report (JS), radon (Python), lizard (multi-language)
Package Verification: npm view/audit, pip show, safety check, cargo audit, govulncheck
| Category | Metric | Target |
|---|---|---|
| Code Health | Cyclomatic Complexity | ≤10 ideal, ≤15 max |
| Test Coverage | ≥80% lines, ≥70% branches | |
| Code Duplication | <3% | |
| Maintainability Index | ≥65 good, ≥85 excellent | |
| Security | Known Vulnerabilities | 0 HIGH/CRITICAL |
| Dependency Freshness | <6 months outdated | |
| Secrets in Code | 0 detected | |
| AI Slop | Generic Variable Names | <2% of identifiers |
| Comment Density | 10-20% | |
| TODO Markers | <5 per 1000 LOC | |
| Process | Review Checkpoint Completion | 100% |
| Time to Fix Critical | <1 day |
AI SLOP ❌:
# AI hallucinated plausible but non-existent package
import pandas_advanced as pda
from data_analyzer_pro import AutoAnalyzer
df = pda.read_csv('data.csv') # Package doesn't exist!
CORRECTED ✅:
# Using verified packages
import pandas as pd
from sklearn.preprocessing import StandardScaler
df = pd.read_csv('data.csv')
scaler = StandardScaler()
Prevention: Always verify: pip show pandas_advanced → ERROR. Use lockfiles, npm audit in CI/CD, enable Snyk/Dependabot.
AI SLOP ❌:
async function getUserByEmail(email) {
const query = `SELECT * FROM users WHERE email = '${email}'`;
return await db.query(query); // SQL injection!
}
CORRECTED ✅:
/**
* Retrieves user by email using parameterized query.
* @throws {ValidationError} If email invalid
*/
async function getUserByEmail(email) {
if (!isValidEmail(email)) {
throw new ValidationError('Invalid email format');
}
// Parameterized query prevents injection
const query = 'SELECT * FROM users WHERE email = ?';
const [rows] = await db.query(query, [email]);
return rows[0] || null;
}
// Test injection prevention
test('prevents SQL injection', async () => {
await expect(getUserByEmail("' OR '1'='1"))
.rejects.toThrow(ValidationError);
});
Prevention: Always use parameterized queries, validate inputs, add injection tests.
AI SLOP ❌:
// "Highly efficient data processor using best practices"
async function processData(data: any): Promise<any> {
const result = data.map((item: any) => {
const temp = item.value * 2; // Generic names everywhere
return temp;
});
return result; // What does result contain?
}
CORRECTED ✅:
/**
* Doubles price values from product records.
* @param products - Array of product records with price field
* @throws {ValidationError} If product missing price
*/
async function doubleProductPrices(products: Product[]): Promise<Product[]> {
return products.map((product) => {
if (product.price === undefined) {
throw new ValidationError(`Product ${product.id} missing price`);
}
return { ...product, price: product.price * 2 };
});
}
AI SLOP ❌:
// Enable required extensions
this.enableExtensions();
// Create texture for rendering
const texture = this.createTexture();
// Initialize particle system
this.initializeParticles();
protected enableExtensions(): void {
// Enable instancing extension for particle rendering
const ext = this.gl.getExtension("ANGLE_instanced_arrays");
}
CORRECTED ✅:
// ANGLE_instanced_arrays required for particle batch rendering
this.enableExtensions();
// 512x512 RGBA texture for particle atlas
const texture = this.createTexture();
// Pre-allocate 1000 particles in Float32Array
this.initializeParticles();
protected enableExtensions(): void {
const ext = this.gl.getExtension("ANGLE_instanced_arrays");
if (!ext) {
throw new Error("Hardware does not support instanced rendering");
}
}
Why it matters: Comments should explain WHY (rationale, gotchas, non-obvious decisions), not WHAT (function already says that).
AI SLOP ❌:
export class FireEffect {
// Optimized for performance while maintaining pixelated aesthetic
private fireWidth: number = 80;
// Reduced CPU workload by 75%
private fireHeight: number = 50;
// Film-standard 24fps for cinematic fire flickering
targetFPS: 24;
// Slightly smoother 30fps for organic petal motion
petalFPS: 30;
}
CORRECTED ✅:
export class FireEffect {
// 80x50 grid benchmarked at 16ms/frame on i5-8250U
private fireWidth: number = 80;
private fireHeight: number = 50;
// 24fps: matches game target framerate, saves 33% GPU cycles vs 30fps
targetFPS: 24;
// 30fps: petal physics update rate (60fps caused motion blur artifacts)
petalFPS: 30;
}
Prevention:
AI SLOP ❌:
## Features
- Seamlessly integrates with AI modules
- Provides a responsive, efficient interface
- Ensures code quality and reliability
- Optimized performance and power management
- Staying up to date with the latest technologies
- Robust error detection through checksum validation
CORRECTED ✅:
## Features
- AI module integration via MCP protocol (stdio transport)
- 60fps UI rendering on 1920x1080 displays
- TypeScript strict mode + Zod runtime validation
- CPU governor tuning: 800MHz idle, 2.4GHz active (measured 40% battery improvement)
- Uses kernel 6.6 LTS + systemd 255
- CRC16 checksum validation on UART packets
Prevention: Every claim needs a "how" or "what":
Time: 1.5-2 hours for significant changes, 20-30 minutes for small changes
Research: Trend Micro (Slopsquatting), McKinsey (Agentic AI Lessons), Wikipedia (AI Slop/WikiProject Cleanup), 404 Media (Brute Force Attack)
Detection: Airops (Spot & Fix), MIT Tech Review (Generated Text), Newstex (Avoid Writing Slop)
Prevention: TeamAI (QA & Oversight), FairNow (Responsible AI Policy), Huron (Enforce AI Practices)
Your expertise ensures AI-assisted development enhances rather than compromises code quality through rigorous standards and systematic review.
