igmarin/rails-agent-skills
Curated library of 28 public AI agent skills for Ruby on Rails development. Organized by category: testing, code-quality, engines, infrastructure, api, and context. Covers code review, architecture, security, testing (RSpec), engines, Hotwire, and TDD automation. Shared Ruby skills (YARD docs, DDD, service objects) have moved to ruby-core-skills. Repository agents remain documented in GitHub but are intentionally excluded from the Tessl tile.
93
95%
Does it follow best practices?
Impact
93%
1.78xAverage score across 28 eval scenarios
Passed
No known issues
examples.mdskills/code-quality/code-review/assets/
code-review examples
Machine-readable finding (map severity to skill labels: Critical | Suggestion | Nice to have)
{
"severity": "Critical",
"file": "app/controllers/orders_controller.rb",
"line": 120,
"risk": "Unpermitted params used in create leading to mass-assignment of admin flag",
"recommendation": "Use strong params and allowlist permitted attributes; add test to assert admin cannot be set via params",
"proof_of_concept": "POST /orders with { order: { amount: 1, admin: true } } sets admin flag to true for new order"
}PR comment shape (markdown, matches SKILL.md)
## Review — Add order totals
### Critical
- [app/controllers/orders_controller.rb:42] (Controllers) `permit!` on nested params. **Mitigation:** replace with explicit `.permit(:amount, :currency)`.
### Suggestion
- [app/models/order.rb:30] (Queries) N+1 loading line items in index. **Mitigation:** `includes(:line_items)` on the index scope.
### Nice to have
- [spec/requests/orders_spec.rb:12] (Tests) Describe block could name the unauthorized case. **Mitigation:** add a `context` for the missing-session case.
**Actions required:** Critical — block merge until fixed and re-reviewed. Suggestion — fix in this PR. Nice to have — optional.Reviewer note examples
- "Suggest moving business logic to OrderCreator service and adding request specs"
- "Index on orders(user_id, status) would improve query performance for recent reports"
agents
docs
evals
scenario-1
scenario-2
scenario-3
scenario-4
scenario-5
scenario-6
scenario-7
scenario-8
scenario-9
scenario-10
scenario-11
scenario-12
scenario-13
scenario-14
scenario-15
scenario-16
scenario-17
scenario-18
scenario-19
scenario-20
scenario-21
scenario-22
scenario-23
scenario-24
scenario-25
scenario-26
scenario-27
scenario-28
skills
api
generate-api-collection
implement-graphql
code-quality
apply-code-conventions
apply-stack-conventions
assets
snippets
code-review
refactor-code
review-architecture
security-check
context
load-context
setup-environment
engines
create-engine
create-engine-installer
document-engine
extract-engine
release-engine
review-engine
test-engine
upgrade-engine
infrastructure
implement-background-job
implement-hotwire
optimize-performance
review-migration
seed-database
version-api
testing
plan-tests
test-service
write-tests