authorization-pundit
Implements policy-based authorization with Pundit for resource access control. Use when adding authorization rules, checking permissions, restricting actions, role-based access, or when user mentions Pundit, policies, authorization, or permissions.
86
83%
Does it follow best practices?
Impact
93%
1.04xAverage score across 3 eval scenarios
Passed
No known issues
Quality
Discovery
89%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted skill description with strong trigger terms and explicit 'Use when' guidance that clearly defines both purpose and activation conditions. The main weakness is that the capability description could be more specific about concrete actions (e.g., creating policy classes, defining scopes, authorizing controller actions). Overall, it should perform well in skill selection scenarios.
Suggestions
Enhance specificity by listing concrete actions like 'create policy classes, define scopes, authorize controller actions, handle unauthorized access'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (Pundit, authorization) and mentions 'policy-based authorization' and 'resource access control', but doesn't list multiple specific concrete actions like 'create policies', 'define scopes', 'authorize controllers'. | 2 / 3 |
Completeness | Clearly answers both what ('Implements policy-based authorization with Pundit for resource access control') and when ('Use when adding authorization rules, checking permissions, restricting actions, role-based access, or when user mentions Pundit, policies, authorization, or permissions'). | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural terms users would say: 'authorization rules', 'checking permissions', 'restricting actions', 'role-based access', 'Pundit', 'policies', 'authorization', 'permissions' - these are all terms users naturally use when needing this functionality. | 3 / 3 |
Distinctiveness Conflict Risk | Very distinct niche - specifically targets Pundit gem for Ruby/Rails authorization. The explicit mention of 'Pundit' and 'policy-based' clearly distinguishes it from general authentication or other authorization approaches. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
77%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a solid, actionable skill for Pundit authorization with excellent code examples and clear TDD workflow. The main weakness is verbosity - it includes extensive boilerplate code (full ApplicationPolicy, multiple similar policy patterns) that could be condensed or referenced externally. The content would benefit from splitting into a concise SKILL.md with references to detailed examples.
Suggestions
Remove or significantly condense the full ApplicationPolicy base class - Claude can generate standard Pundit boilerplate
Move detailed examples (role-based policies, nested resources, permitted attributes) to a separate EXAMPLES.md or ADVANCED.md file
Consolidate similar policy patterns into a single annotated example rather than showing multiple variations inline
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is comprehensive but includes some redundancy (e.g., full ApplicationPolicy base class that Claude could generate, multiple similar policy examples). The content could be tightened by removing boilerplate that follows obvious conventions. | 2 / 3 |
Actionability | Excellent executable code throughout - complete policy specs, controller implementations, view helpers, and configuration examples. All code is copy-paste ready with realistic patterns for multi-tenant Rails apps. | 3 / 3 |
Workflow Clarity | Clear TDD workflow with explicit checklist, step-by-step progression from spec to implementation to controller integration. The checklist at the end provides validation checkpoints for the authorization implementation process. | 3 / 3 |
Progressive Disclosure | Content is well-organized with clear sections, but it's a monolithic document (~400 lines) that could benefit from splitting advanced topics (nested resources, permitted attributes, headless policies) into separate reference files. | 2 / 3 |
Total | 10 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
skill_md_line_count | SKILL.md is long (696 lines); consider splitting into references/ and linking | Warning |
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
Total | 9 / 11 Passed | |
- Repository
- ThibautBaissac/rails_ai_agents
- Commit
15fdeaf
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.