Curated library of 42 public AI agent skills for Ruby on Rails development, plus 5 callable workflow skills. Organized by category: planning, testing, code-quality, ddd, engines, infrastructure, api, patterns, context, orchestration, and workflows. Covers code review, architecture, security, testing (RSpec), engines, service objects, DDD patterns, and TDD automation.
96%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Risky
Do not use without reviewing
severity to skill labels: Critical | Suggestion | Nice to have)

```json
{
  "severity": "Critical",
  "file": "app/controllers/orders_controller.rb",
  "line": 120,
  "risk": "Unpermitted params used in create leading to mass-assignment of admin flag",
  "recommendation": "Use strong params and whitelist allowed attributes; add test to assert admin cannot be set via params",
  "proof_of_concept": "POST /orders with { order: { amount: 1, admin: true } } sets admin flag to true for new order"
}
```

## Review — Add order totals
### Critical
- [app/controllers/orders_controller.rb:42] (Controllers) `permit!` on nested params. **Mitigation:** replace with explicit `.permit(:amount, :currency)`.
### Suggestion
- [app/models/order.rb:30] (Queries) N+1 loading line items in index. **Mitigation:** `includes(:line_items)` on the index scope.
### Nice to have
- [spec/requests/orders_spec.rb:12] (Tests) Describe block could name the unauthorized case. **Mitigation:** add a `context` for the missing-session case.
**Actions required:** Critical — block merge until fixed and re-reviewed. Suggestion — fix in this PR. Nice to have — optional.

build
docs
mcp_server
skills
api
generate-api-collection
implement-graphql
code-quality
apply-code-conventions
apply-stack-conventions
assets
snippets
code-review
refactor-code
respond-to-review
review-architecture
security-check
context
load-context
setup-environment
ddd
define-domain-language
model-domain
review-domain-boundaries
engines
create-engine
create-engine-installer
document-engine
extract-engine
release-engine
review-engine
test-engine
upgrade-engine
infrastructure
implement-background-job
implement-hotwire
optimize-performance
review-migration
seed-database
version-api
orchestration
skill-router
patterns
create-service-object
implement-calculator-pattern
write-yard-docs
planning
create-prd
generate-tasks
plan-tickets
testing
plan-tests
test-service
triage-bug
write-tests
workflows