igmarin/rails-agent-skills

Curated library of 28 public AI agent skills for Ruby on Rails development. Organized by category: testing, code-quality, engines, infrastructure, api, and context. Covers code review, architecture, security, testing (RSpec), engines, Hotwire, and TDD automation. Shared Ruby skills (YARD docs, DDD, service objects) have moved to ruby-core-skills. Repository agents remain documented in GitHub but are intentionally excluded from the Tessl tile.

1.78x

Quality

95%

Does it follow best practices?

Impact

93%

1.78x

Average score across 28 eval scenarios

Securityby

Passed

No known issues

Rails Security Review — Pitfalls

Name: igmarin/rails-agent-skills
Rating: 93.21 (1 reviews)
Author: igmarin

Pitfall	Reality
"Only internal users access this"	Internal tools get compromised — apply the same standards
`permit!` "just for now"	It will ship. Allowlist from day one
"Rails handles CSRF automatically"	Only if `protect_from_forgery` is active and tokens are verified
String interpolation in SQL	SQL injection — always use parameterized queries
`html_safe` on user content	XSS — only call on developer-controlled strings
Secrets in committed files	Use encrypted credentials. Rotate immediately if exposed
No authorization before destructive actions	Always check permissions, even for internal routes
Background job inputs not validated	Jobs are entry points — validate inputs like a controller

agents

docs

evals

skills

api

context

infrastructure

testing

README.md

tile.json

igmarin/rails-agent-skills

PITFALLS.md.css-3qkkll{font-size:var(--chakra-font-sizes-sm);font-weight:var(--chakra-font-weights-normal);color:var(--chakra-colors-gray-300);}skills/code-quality/security-check/

Rails Security Review — Pitfalls

PITFALLS.mdskills/code-quality/security-check/