igmarin/rails-agent-skills

Curated library of 28 public AI agent skills for Ruby on Rails development. Organized by category: testing, code-quality, engines, infrastructure, api, and context. Covers code review, architecture, security, testing (RSpec), engines, Hotwire, and TDD automation. Shared Ruby skills (YARD docs, DDD, service objects) have moved to ruby-core-skills. Repository agents remain documented in GitHub but are intentionally excluded from the Tessl tile.

1.78x

Quality

95%

Does it follow best practices?

Impact

93%

1.78x

Average score across 28 eval scenarios

Securityby

Passed

No known issues

Agent Stage: Review & Validation (50)

Name: igmarin/rails-agent-skills
Rating: 93.21 (1 reviews)
Author: igmarin

When to use: Review your own or others' code, respond to feedback, or audit security/architecture.

Main Flow: Code Review

graph TB
    subgraph Review [👁️ Phase 1: Review]
        direction TB
        A[PR ready] --> B[code-review]
        B --> C{Security concerns?}
        C -- Yes --> D[security-check]
    end

    subgraph DeepDive [🔍 Phase 2: Deep Dive - Optional]
        direction TB
        C -- No --> E{Architecture issues?}
        E -- Yes --> F[review-architecture]
        D --> F
    end

    subgraph Respond [📝 Phase 3: Respond]
        direction TB
        E -- No --> G{Findings?}
        F --> G
        G -- Critical --> H[respond-to-review]
        H --> I[Implement fixes]
        I --> J{Critical fixed?}
        J -- No --> K[Re-review]
        J -- Yes --> L((Merge))
    end

    G -- None/minor --> L
    K --> B

    %% Styling
    style Review fill:#f5f5f5,stroke:#333,stroke-dasharray: 5 5
    style DeepDive fill:#f3e5f5,stroke:#4a148c
    style Respond fill:#e1f5fe,stroke:#01579b
    style C fill:#ffd54f
    style E fill:#ffd54f
    style G fill:#ffd54f
    style J fill:#ffd54f
    style L fill:#e8f5e9,stroke:#1b5e20,stroke-width:3px

code-review

Goal: Systematic Rails PR review.

Checklist by Area

Area	What to review
Routing	RESTful routes, shallow nesting, route helpers
Controllers	Thin, 1-line actions, strong params, callbacks audit
Models	Validations, scopes, callbacks, N+1 queries
Queries	Eager loading, pluck vs map, exists? vs present?
Migrations	Reversible, index names, null constraints
Security	Strong params, auth checks, output encoding
Testing	Correct spec type, minimal factories, no internal mocks
Jobs	Idempotency, retry config, log context

Severity Levels

Level	Action
Critical	Blocks merge — fix before merging
Suggestion	Fix in this PR or separate ticket
Nice to have	Optional, does not block

security-check

Goal: Deep security dive.

Audit Checklist

Auth — Session management, token handling
Authorization — IDOR, role checks, policy coverage
Input validation — Strong params, SQL injection
Output encoding — XSS prevention
Redirects — Open redirect vulnerabilities
Secrets — Never in code, logs, or VCS
GraphQL — Introspection off in prod, depth limits

review-architecture

Goal: Structural review of boundaries and abstractions.

Review Signals

Feature crosses multiple models without clarity
Service creates/modifies unrelated models
Complex callbacks calling other models
Logic duplicated between controllers

Output

Boundary recommendations
Extraction suggestions
Coupling assessment

respond-to-review

Goal: Respond to received feedback.

Process

Evaluate each suggestion — is it correct?
Push back if wrong — explain why
Implement accepted items — one at a time
Re-review mandatory if Critical findings

Anti-pattern: "LGTM! Will address in follow-up" — no performative agreement

Skills in this Stage

Skill	Description	Trigger words
code-review	Systematic PR review	"review PR", "code review", "check this code"
security-check	Security audit	"security", "audit", "vulnerability", "XSS", "SQL injection"
review-architecture	Structural review	"architecture", "structure", "boundaries", "extract"
respond-to-review	Respond to feedback	"feedback", "review comments", "address feedback"
generate-api-collection	API testing docs	"Postman", "API collection", "REST endpoints"