Curated library of 38 atomic skills, 7 personas, and 1 orchestrator for Elixir and Phoenix development. Organized by category: fundamentals, phoenix, database, testing, auth, infrastructure, quality, security, integrations, tooling, frameworks, personas, and orchestration. Covers core Elixir patterns, Phoenix LiveView, Ecto, OTP, Oban, testing, security, deployment, real-time, and modern tooling (Req, Swoosh, Cachex, Broadway, Ash).
91
91%
Does it follow best practices?
Impact
91%
1.37xAverage score across 56 eval scenarios
Advisory
Suggest reviewing before use
{
"context": "Checks whether the final artifact follows the security-essentials instructions from the published Elixir Phoenix Skills plugin.",
"type": "weighted_checklist",
"checklist": [
{
"name": "instruction-1",
"description": "The submitted artifact follows this skill instruction: Use this skill before writing ANY security-sensitive code.",
"max_score": 10
},
{
"name": "instruction-2",
"description": "The submitted artifact follows this skill instruction: **Sensitive data in logs** — passwords, tokens, API keys, and PII must never appear in logs → [Sensitive Data in Logs](#sensitive-data-in-logs)",
"max_score": 10
},
{
"name": "instruction-3",
"description": "The submitted artifact follows this skill instruction: **Sobelow in CI** — `mix sobelow` must pass in CI; fail on any HIGH or CRITICAL finding",
"max_score": 10
},
{
"name": "instruction-4",
"description": "The submitted artifact follows this skill instruction: **Identify attack surface** — list all user inputs, external data sources, and network boundaries",
"max_score": 10
},
{
"name": "instruction-5",
"description": "The submitted artifact follows this skill instruction: **Run `mix sobelow --router MyAppWeb.Router`** — static analysis on your router and controllers",
"max_score": 10
},
{
"name": "instruction-6",
"description": "The submitted artifact follows this skill instruction: **Run `mix sobelow --private`** — check private functions for vulnerabilities",
"max_score": 10
},
{
"name": "instruction-7",
"description": "The submitted artifact follows this skill instruction: **Review findings by severity** — HIGH severity first, then MEDIUM, then LOW",
"max_score": 10
},
{
"name": "instruction-8",
"description": "The submitted artifact follows this skill instruction: **Run full audit** — `mix deps.audit && mix hex.audit && mix sobelow` before merging",
"max_score": 10
},
{
"name": "instruction-9",
"description": "The submitted artifact follows this skill instruction: **Interpretation:** Any Sobelow finding of HIGH or CRITICAL severity MUST be fixed before merging. LOW findings should be tracked and addressed within 2 sprints.",
"max_score": 10
},
{
"name": "instruction-10",
"description": "The submitted artifact follows this skill instruction: Never disable Phoenix's built-in CSRF protection.",
"max_score": 10
}
]
}.tessl-plugin
evals
scenario-1
scenario-2
scenario-3
scenario-4
scenario-5
scenario-6
scenario-7
scenario-8
scenario-9
scenario-10
scenario-11
scenario-12
scenario-13
scenario-14
scenario-15
scenario-16
scenario-17
scenario-18
scenario-19
scenario-20
scenario-21
scenario-22
scenario-23
scenario-24
scenario-25
scenario-26
scenario-27
scenario-28
scenario-29
scenario-30
scenario-31
scenario-32
scenario-33
scenario-34
scenario-35
scenario-36
scenario-37
scenario-38
scenario-39
scenario-40
scenario-41
scenario-42
scenario-43
scenario-44
scenario-45
scenario-46
scenario-47
scenario-48
scenario-49
scenario-50
scenario-51
scenario-52
scenario-53
scenario-54
scenario-55
scenario-56
skills
frameworks
ash-framework
infrastructure
orchestration
elixir-skill-router
personas
phoenix
quality
security
security-essentials
tooling
mix-tasks-generators