chore: SOTA audit fixes – catalog recursive, readme regex, docs, CI, installer

- P0: Catalog includes nested skills (listSkillIdsRecursive), 626 skills
- P0: update_readme.py regex fixes 'high-performance agentic skills'
- P1: SKILL_ANATOMY risk values aligned to none|safe|critical|offensive (EN + vi)
- P1: requirements.txt + CONTRIBUTING Python setup
- P1: data/package.json version 4.6.0
- P2: npm run test + CI test step; validator docs + validation-baseline in .gitignore
- P3: Installer --version/--tag support; CI npm audit; __pycache__ in .gitignore

docs/SKILL_ANATOMY.md

@@ -73,7 +73,7 @@ Some skills include additional metadata:
 ---
 name: my-skill-name
 description: "Brief description"
-risk: "safe" # safe | risk | official
+risk: "safe" # none | safe | critical | offensive (see QUALITY_BAR.md)
 source: "community"
 tags: ["react", "typescript"]
 ---

docs/vietnamese/SKILL_ANATOMY.vi.md

@@ -73,7 +73,7 @@ Một số skill bao gồm thêm siêu dữ liệu bổ sung:
 ---
 name: my-skill-name
 description: "Mô tả ngắn"
-risk: "safe" # safe | risk | official
+risk: "safe" # none | safe | critical | offensive (xem QUALITY_BAR.md)
 source: "community"
 tags: ["react", "typescript"]
 ---