
igmarin/rails-agent-skills

Curated library of 41 public AI agent skills for Ruby on Rails development. Organized by category: planning, testing, code-quality, ddd, engines, infrastructure, api, patterns, context, and orchestration. Covers code review, architecture, security, testing (RSpec), engines, service objects, DDD patterns, and TDD automation. Repository workflows remain documented in GitHub but are intentionally excluded from the Tessl tile.

95 (1.77x)

Quality: 93% (Does it follow best practices?)

Impact: 96%, 1.77x (average score across 41 eval scenarios)

Security by Snyk: Passed, no known issues


evals/scenario-27/criteria.json

{
  "context": "Checks whether the final artifact follows the security-check instructions from the published Rails Agent Skills tile.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "instruction-1",
      "description": "The submitted artifact follows this skill instruction: Use this skill when the task is to review or harden Rails code from a security perspective.",
      "max_score": 12
    },
    {
      "name": "instruction-2",
      "description": "The submitted artifact follows this skill instruction: Check authentication and authorization boundaries.",
      "max_score": 11
    },
    {
      "name": "instruction-3",
      "description": "The submitted artifact follows this skill instruction: Check parameter handling and sensitive attribute assignment.",
      "max_score": 11
    },
    {
      "name": "instruction-4",
      "description": "The submitted artifact follows this skill instruction: Check redirects, rendering, and output encoding.",
      "max_score": 11
    },
    {
      "name": "instruction-5",
      "description": "The submitted artifact follows this skill instruction: Check file handling, network calls, and background job inputs.",
      "max_score": 11
    },
    {
      "name": "instruction-6",
      "description": "The submitted artifact follows this skill instruction: Check secrets, logging, and operational exposure.",
      "max_score": 11
    },
    {
      "name": "instruction-7",
      "description": "The submitted artifact follows this skill instruction: **Verify each finding:** Confirm it is exploitable with a concrete attack scenario before reporting. Exclude false positives (e.g., `html_safe` on a developer-defined constant, not user input).",
      "max_score": 11
    },
    {
      "name": "instruction-8",
      "description": "The submitted artifact follows this skill instruction: Do not omit a category because the prompt is brief. If a category has no reproduced issue, write \"No issues found\" and state what evidence would be needed to verify it.",
      "max_score": 11
    },
    {
      "name": "instruction-9",
      "description": "The submitted artifact follows this skill instruction: Do not use representative file paths as if they were confirmed evidence.",
      "max_score": 11
    }
  ]
}
