authorization-pundit

Implements policy-based authorization with Pundit for resource access control. Use when adding authorization rules, checking permissions, restricting actions, role-based access, or when user mentions Pundit, policies, authorization, or permissions.

1.04x

Quality

83%

Does it follow best practices?

Impact

93%

1.04x

Average score across 3 eval scenarios

Securityby

Passed

No known issues

Quality

Content

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a solid, actionable skill for Pundit authorization with excellent code examples and clear TDD workflow. The main weakness is verbosity - it includes extensive boilerplate code (full ApplicationPolicy, multiple similar policy patterns) that could be condensed or referenced externally. The content would benefit from splitting into a concise SKILL.md with references to detailed examples.

Suggestions

Remove or significantly condense the full ApplicationPolicy base class - Claude can generate standard Pundit boilerplate

Move detailed examples (role-based policies, nested resources, permitted attributes) to a separate EXAMPLES.md or ADVANCED.md file

Consolidate similar policy patterns into a single annotated example rather than showing multiple variations inline

Dimension	Reasoning	Score
Conciseness	The skill is comprehensive but includes some redundancy (e.g., full ApplicationPolicy base class that Claude could generate, multiple similar policy examples). The content could be tightened by removing boilerplate that follows obvious conventions.	2 / 3
Actionability	Excellent executable code throughout - complete policy specs, controller implementations, view helpers, and configuration examples. All code is copy-paste ready with realistic patterns for multi-tenant Rails apps.	3 / 3
Workflow Clarity	Clear TDD workflow with explicit checklist, step-by-step progression from spec to implementation to controller integration. The checklist at the end provides validation checkpoints for the authorization implementation process.	3 / 3
Progressive Disclosure	Content is well-organized with clear sections, but it's a monolithic document (~400 lines) that could benefit from splitting advanced topics (nested resources, permitted attributes, headless policies) into separate reference files.	2 / 3
	Total	10 / 12 Passed

Description

89%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a well-crafted skill description with strong trigger terms and explicit 'Use when' guidance that clearly defines both purpose and activation conditions. The main weakness is that the capability description could be more specific about concrete actions (e.g., creating policy classes, defining scopes, authorizing controller actions). Overall, it should perform well in skill selection scenarios.

Suggestions

Enhance specificity by listing concrete actions like 'create policy classes, define scopes, authorize controller actions, handle unauthorized access'

Dimension	Reasoning	Score
Specificity	Names the domain (Pundit, authorization) and mentions 'policy-based authorization' and 'resource access control', but doesn't list multiple specific concrete actions like 'create policies', 'define scopes', 'authorize controllers'.	2 / 3
Completeness	Clearly answers both what ('Implements policy-based authorization with Pundit for resource access control') and when ('Use when adding authorization rules, checking permissions, restricting actions, role-based access, or when user mentions Pundit, policies, authorization, or permissions').	3 / 3
Trigger Term Quality	Excellent coverage of natural terms users would say: 'authorization rules', 'checking permissions', 'restricting actions', 'role-based access', 'Pundit', 'policies', 'authorization', 'permissions' - these are all terms users naturally use when needing this functionality.	3 / 3
Distinctiveness Conflict Risk	Very distinct niche - specifically targets Pundit gem for Ruby/Rails authorization. The explicit mention of 'Pundit' and 'policy-based' clearly distinguishes it from general authentication or other authorization approaches.	3 / 3
	Total	11 / 12 Passed

Validation

81%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 9 / 11 Passed

Validation for skill structure

Criteria	Description	Result
skill_md_line_count	SKILL.md is long (696 lines); consider splitting into references/ and linking	Warning
allowed_tools_field	'allowed-tools' contains unusual tool name(s)	Warning

	Total	9 / 11 Passed

Repository: fernandezbaptiste/rails_ai_agents
Commit: 15fdeaf

Reviewed: 4 months ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.