igmarin/rails-agent-skills
Curated library of 41 public AI agent skills for Ruby on Rails development. Organized by category: planning, testing, code-quality, ddd, engines, infrastructure, api, patterns, context, and orchestration. Covers code review, architecture, security, testing (RSpec), engines, service objects, DDD patterns, and TDD automation. Repository workflows remain documented in GitHub but are intentionally excluded from the Tessl tile.
95
93%
Does it follow best practices?
Impact
96%
1.77xAverage score across 41 eval scenarios
Passed
No known issues
examples.mdskills/code-quality/code-review/assets/
code-review examples
Machine-readable finding (map severity to skill labels: Critical | Suggestion | Nice to have)
{
"severity": "Critical",
"file": "app/controllers/orders_controller.rb",
"line": 120,
"risk": "Unpermitted params used in create leading to mass-assignment of admin flag",
"recommendation": "Use strong params and allowlist permitted attributes; add test to assert admin cannot be set via params",
"proof_of_concept": "POST /orders with { order: { amount: 1, admin: true } } sets admin flag to true for new order"
}PR comment shape (markdown, matches SKILL.md)
## Review — Add order totals
### Critical
- [app/controllers/orders_controller.rb:42] (Controllers) `permit!` on nested params. **Mitigation:** replace with explicit `.permit(:amount, :currency)`.
### Suggestion
- [app/models/order.rb:30] (Queries) N+1 loading line items in index. **Mitigation:** `includes(:line_items)` on the index scope.
### Nice to have
- [spec/requests/orders_spec.rb:12] (Tests) Describe block could name the unauthorized case. **Mitigation:** add a `context` for the missing-session case.
**Actions required:** Critical — block merge until fixed and re-reviewed. Suggestion — fix in this PR. Nice to have — optional.Reviewer note examples
- "Suggest moving business logic to OrderCreator service and adding request specs"
- "Index on orders(user_id, status) would improve query performance for recent reports"
docs
evals
scenario-1
scenario-2
scenario-3
scenario-4
scenario-5
scenario-6
scenario-7
scenario-8
scenario-9
scenario-10
scenario-11
scenario-12
scenario-13
scenario-14
scenario-15
scenario-16
scenario-17
scenario-18
scenario-19
scenario-20
scenario-21
scenario-22
scenario-23
scenario-24
scenario-25
scenario-26
scenario-27
scenario-28
scenario-29
scenario-30
scenario-31
scenario-32
scenario-33
scenario-34
scenario-35
scenario-36
scenario-37
scenario-38
scenario-39
scenario-40
scenario-41
mcp_server
skills
api
generate-api-collection
implement-graphql
code-quality
apply-code-conventions
apply-stack-conventions
assets
snippets
code-review
refactor-code
respond-to-review
review-architecture
security-check
context
load-context
setup-environment
ddd
define-domain-language
model-domain
review-domain-boundaries
engines
create-engine
create-engine-installer
document-engine
extract-engine
release-engine
review-engine
test-engine
upgrade-engine
infrastructure
implement-background-job
implement-hotwire
optimize-performance
review-migration
seed-database
version-api
orchestration
skill-router
patterns
create-service-object
implement-calculator-pattern
write-yard-docs
planning
create-prd
generate-tasks
plan-tickets
testing
plan-tests
test-service
triage-bug
write-tests
workflows