igmarin/rails-agent-skills

Curated library of 39 AI agent skills for Ruby on Rails development. Organized by category: planning, testing, code-quality, ddd, engines, infrastructure, api, patterns, context, orchestration, and workflows. Includes 5 callable workflow skills (rails-tdd-loop, rails-review-flow, rails-setup-flow, rails-quality-flow, rails-engines-flow) for complete development cycles. Covers code review, architecture, security, testing (RSpec), engines, service objects, DDD patterns, and TDD automation.

1.20x

Quality

98%

Does it follow best practices?

Impact

95%

1.20x

Average score across 35 eval scenarios

Securityby

Passed

No known issues

Document Search Security Audit

Name: igmarin/rails-agent-skills
Rating: 95.37 (1 reviews)
Author: igmarin

Problem/Feature Description

A legal technology company is preparing for a security audit before onboarding enterprise customers. Their Rails application includes a document management module that was written quickly by a contractor. The CTO has asked for a thorough security assessment of the module's code before it touches any client data.

The engineering team needs a written security review they can share with their auditors and use to prioritise remediation work. The review should be actionable — auditors want to understand exactly what can go wrong and how an attacker would exploit each issue, not just a list of abstract best-practice suggestions.

Produce a security review of the code provided below. Save the review as security-review.md.

Input Files

The following files are provided as inputs. Extract them before beginning.

=============== FILE: app/controllers/documents_controller.rb =============== class DocumentsController < ApplicationController def index query = params[:search] @documents = Document.where("title LIKE '%#{query}%' OR body LIKE '%#{query}%'") render :index end

def show @document = Document.find(params[:id]) render :show end

def update @document = Document.find(params[:id]) @document.update(params[:document]) redirect_to @document end

def destroy @document = Document.find(params[:id]) @document.destroy redirect_to documents_path end

def download @document = Document.find(params[:id]) file_path = Rails.root.join('storage', params[:filename]) send_file file_path end end

=============== FILE: app/models/document.rb =============== class Document < ApplicationRecord belongs_to :user has_many :document_versions

after_save :log_access

def log_access Rails.logger.info("Document accessed: #{self.inspect}") end

def self.search_for_user(user_id, term) where("user_id = #{user_id} AND title ILIKE ?", "%#{term}%") end end

=============== FILE: config/initializers/api_keys.rb =============== SENDGRID_API_KEY = "SG.abc123xyz789secretkey" STRIPE_SECRET_KEY = "sk_live_realproductionkey999" AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"

evals

scenario-1

scenario-2

scenario-3

scenario-4

scenario-5

scenario-6

scenario-7

scenario-8

scenario-9

scenario-10

scenario-11

scenario-12

scenario-13

scenario-14

scenario-15

scenario-16

scenario-17

scenario-18

scenario-19

criteria.json

task.md

scenario-20

scenario-21

scenario-22

scenario-23

scenario-24

scenario-25

scenario-26

scenario-27

scenario-28

scenario-29

scenario-30

scenario-31

scenario-32

scenario-33

scenario-34

scenario-35

mcp_server

skills

README.md

tile.json

igmarin/rails-agent-skills

task.md.css-3qkkll{font-size:var(--chakra-font-sizes-sm);font-weight:var(--chakra-font-weights-normal);color:var(--chakra-colors-gray-300);}evals/scenario-19/

Document Search Security Audit

Problem/Feature Description

Input Files

task.mdevals/scenario-19/