Curated library of 42 public AI agent skills for Ruby on Rails development, plus 5 callable workflow skills. Organized by category: planning, testing, code-quality, ddd, engines, infrastructure, api, patterns, context, orchestration, and workflows. Covers code review, architecture, security, testing (RSpec), engines, service objects, DDD patterns, and TDD automation.
Best practices score: 96% (Does it follow best practices?)
Impact: — (No eval scenarios have been run)
Risky: Do not use without reviewing
| Pitfall | Reality |
|---|---|
| "Only internal users access this" | Internal tools get compromised — apply the same standards |
| `permit!` "just for now" | It will ship. Whitelist from day one |
| "Rails handles CSRF automatically" | Only if `protect_from_forgery` is active and tokens are verified |
| String interpolation in SQL | SQL injection — always use parameterized queries |
| `html_safe` on user content | XSS — only call on developer-controlled strings |
| Secrets in committed files | Use encrypted credentials. Rotate immediately if exposed |
| No authorization before destructive actions | Always check permissions, even for internal routes |
| Background job inputs not validated | Jobs are entry points — validate inputs like a controller |
build
docs
mcp_server
skills
api
generate-api-collection
implement-graphql
code-quality
apply-code-conventions
apply-stack-conventions
assets
snippets
code-review
refactor-code
respond-to-review
review-architecture
security-check
context
load-context
setup-environment
ddd
define-domain-language
model-domain
review-domain-boundaries
engines
create-engine
create-engine-installer
document-engine
extract-engine
release-engine
review-engine
test-engine
upgrade-engine
infrastructure
implement-background-job
implement-hotwire
optimize-performance
review-migration
seed-database
version-api
orchestration
skill-router
patterns
create-service-object
implement-calculator-pattern
write-yard-docs
planning
create-prd
generate-tasks
plan-tickets
testing
plan-tests
test-service
triage-bug
write-tests
workflows