igmarin/rails-agent-skills
Curated library of AI agent skills for Ruby on Rails development. Covers code review, architecture, security, testing (RSpec), engines, service objects, DDD patterns, and workflow automation.
98
99%
Does it follow best practices?
Impact
98%
1.38xAverage score across 26 eval scenarios
Passed
No known issues
PITFALLS.mdrails-security-review/
Rails Security Review — Pitfalls
| Pitfall | Reality |
|---|---|
| "Only internal users access this" | Internal tools get compromised — apply the same standards |
permit! "just for now" | It will ship. Whitelist from day one |
| "Rails handles CSRF automatically" | Only if protect_from_forgery is active and tokens are verified |
| String interpolation in SQL | SQL injection — always use parameterized queries |
html_safe on user content | XSS — only call on developer-controlled strings |
| Secrets in committed files | Use encrypted credentials. Rotate immediately if exposed |
| No authorization before destructive actions | Always check permissions, even for internal routes |
| Background job inputs not validated | Jobs are entry points — validate inputs like a controller |
api-rest-collection
create-prd
ddd-boundaries-review
ddd-rails-modeling
ddd-ubiquitous-language
docs
evals
scenario-1
scenario-2
scenario-3
scenario-4
scenario-5
scenario-6
scenario-7
scenario-8
scenario-9
scenario-10
scenario-11
scenario-12
scenario-13
scenario-14
scenario-15
scenario-16
scenario-17
scenario-18
scenario-19
scenario-20
scenario-21
scenario-22
scenario-23
scenario-24
scenario-25
scenario-26
generate-tasks
mcp_server
rails-architecture-review
rails-background-jobs
rails-bug-triage
rails-code-conventions
rails-code-review
rails-engine-compatibility
rails-engine-docs
rails-engine-extraction
rails-engine-installers
rails-engine-release
rails-engine-reviewer
rails-engine-testing
rails-graphql-best-practices
rails-migration-safety
rails-review-response
rails-security-review
rails-skills-orchestrator
rails-stack-conventions
rails-tdd-slices
refactor-safely
rspec-best-practices
rspec-service-testing
ruby-service-objects
strategy-factory-null-calculator
ticket-planning
yard-documentation