CtrlK
BlogDocsLog inGet started
Tessl Logo

igmarin/elixir-phoenix-skills

Curated library of 38 atomic skills, 7 personas, and 1 orchestrator for Elixir and Phoenix development. Organized by category: fundamentals, phoenix, database, testing, auth, infrastructure, quality, security, integrations, tooling, frameworks, personas, and orchestration. Covers core Elixir patterns, Phoenix LiveView, Ecto, OTP, Oban, testing, security, deployment, real-time, and modern tooling (Req, Swoosh, Cachex, Broadway, Ash).

91

1.37x
Quality

91%

Does it follow best practices?

Impact

91%

1.37x

Average score across 56 eval scenarios

SecuritybySnyk

Advisory

Suggest reviewing before use

Overview
Quality
Evals
Security
Files

criteria.jsonevals/scenario-40/

{
  "context": "Checks whether the final artifact follows the security-essentials instructions from the published Elixir Phoenix Skills plugin.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "instruction-1",
      "description": "The submitted artifact follows this skill instruction: Use this skill before writing ANY security-sensitive code.",
      "max_score": 10
    },
    {
      "name": "instruction-2",
      "description": "The submitted artifact follows this skill instruction: **Sensitive data in logs** — passwords, tokens, API keys, and PII must never appear in logs → [Sensitive Data in Logs](#sensitive-data-in-logs)",
      "max_score": 10
    },
    {
      "name": "instruction-3",
      "description": "The submitted artifact follows this skill instruction: **Sobelow in CI** — `mix sobelow` must pass in CI; fail on any HIGH or CRITICAL finding",
      "max_score": 10
    },
    {
      "name": "instruction-4",
      "description": "The submitted artifact follows this skill instruction: **Identify attack surface** — list all user inputs, external data sources, and network boundaries",
      "max_score": 10
    },
    {
      "name": "instruction-5",
      "description": "The submitted artifact follows this skill instruction: **Run `mix sobelow --router MyAppWeb.Router`** — static analysis on your router and controllers",
      "max_score": 10
    },
    {
      "name": "instruction-6",
      "description": "The submitted artifact follows this skill instruction: **Run `mix sobelow --private`** — check private functions for vulnerabilities",
      "max_score": 10
    },
    {
      "name": "instruction-7",
      "description": "The submitted artifact follows this skill instruction: **Review findings by severity** — HIGH severity first, then MEDIUM, then LOW",
      "max_score": 10
    },
    {
      "name": "instruction-8",
      "description": "The submitted artifact follows this skill instruction: **Run full audit** — `mix deps.audit && mix hex.audit && mix sobelow` before merging",
      "max_score": 10
    },
    {
      "name": "instruction-9",
      "description": "The submitted artifact follows this skill instruction: **Interpretation:** Any Sobelow finding of HIGH or CRITICAL severity MUST be fixed before merging. LOW findings should be tracked and addressed within 2 sprints.",
      "max_score": 10
    },
    {
      "name": "instruction-10",
      "description": "The submitted artifact follows this skill instruction: Never disable Phoenix's built-in CSRF protection.",
      "max_score": 10
    }
  ]
}

evals

.mcp.json

README.md

tile.json