
igmarin/rails-agent-skills

Curated library of 28 public AI agent skills for Ruby on Rails development. Organized by category: testing, code-quality, engines, infrastructure, api, and context. Covers code review, architecture, security, testing (RSpec), engines, Hotwire, and TDD automation. Shared Ruby skills (YARD docs, DDD, service objects) have moved to ruby-core-skills. Repository agents remain documented in GitHub but are intentionally excluded from the Tessl tile.

Quality: 95% (Does it follow best practices?)

Impact: 93%, 1.78x (average score across 28 eval scenarios)

Security by Snyk: Passed, no known issues


evals/scenario-23/criteria.json

{
  "context": "Checks whether the final artifact follows the security-check instructions from the published Rails Agent Skills tile.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "instruction-1",
      "description": "The submitted artifact follows this skill instruction: Check authentication and authorization boundaries.",
      "max_score": 13
    },
    {
      "name": "instruction-2",
      "description": "The submitted artifact follows this skill instruction: Check parameter handling and sensitive attribute assignment.",
      "max_score": 13
    },
    {
      "name": "instruction-3",
      "description": "The submitted artifact follows this skill instruction: Check redirects, rendering, and output encoding.",
      "max_score": 13
    },
    {
      "name": "instruction-4",
      "description": "The submitted artifact follows this skill instruction: Check file handling, network calls, and background job inputs.",
      "max_score": 13
    },
    {
      "name": "instruction-5",
      "description": "The submitted artifact follows this skill instruction: Check secrets, logging, and operational exposure.",
      "max_score": 12
    },
    {
      "name": "instruction-6",
      "description": "The submitted artifact follows this skill instruction: **Verify each finding:** Confirm it is exploitable with a concrete attack scenario before reporting. Exclude false positives (e.g., `html_safe` on a developer-defined constant, not user input).",
      "max_score": 12
    },
    {
      "name": "instruction-7",
      "description": "The submitted artifact follows this skill instruction: **Format**: Sections must appear in the order below, even when empty — write \"No issues found\" and state what evidence would be needed to verify the category.",
      "max_score": 12
    },
    {
      "name": "instruction-8",
      "description": "The submitted artifact follows this skill instruction: Do not use representative file paths as if they were confirmed evidence.",
      "max_score": 12
    }
  ]
}
