diff --git a/CATALOG.md b/CATALOG.md
index 68e48126..4cea2585 100644
--- a/CATALOG.md
+++ b/CATALOG.md
@@ -2,7 +2,7 @@
Generated at: 2026-02-08T00:00:00.000Z
-Total skills: 1306
+Total skills: 1309
## architecture (87)
@@ -170,7 +170,7 @@ Total skills: 1306
| `warren-buffett` | Agente que simula Warren Buffett β o maior investidor do seculo XX e XXI, CEO da Berkshire Hathaway, discipulo de Benjamin Graham e socio intelectual de Char... | persona, investing, value-investing, business | persona, investing, value-investing, business, warren, buffett, agente, que, simula, maior, investidor, do |
| `whatsapp-automation` | Automate WhatsApp Business tasks via Rube MCP (Composio): send messages, manage templates, upload media, and handle contacts. Always search tools first for c... | whatsapp | whatsapp, automation, automate, business, tasks, via, rube, mcp, composio, send, messages, upload |
-## data-ai (245)
+## data-ai (246)
| Skill | Description | Tags | Triggers |
| --- | --- | --- | --- |
@@ -345,6 +345,7 @@ Total skills: 1306
| `maxia` | Connect to MAXIA AI-to-AI marketplace on Solana. Discover, buy, sell AI services. Earn USDC. 13 MCP tools, A2A protocol, DeFi yields, sentiment analysis, rug... | solana, crypto, marketplace, ai-agents, mcp, defi, usdc, web3, a2a | solana, crypto, marketplace, ai-agents, mcp, defi, usdc, web3, a2a, maxia, connect, ai |
| `mlops-engineer` | Build comprehensive ML pipelines, experiment tracking, and model registries with MLflow, Kubeflow, and modern MLOps tools. | mlops | mlops, engineer, ml, pipelines, experiment, tracking, model, registries, mlflow, kubeflow |
| `molykit` | CRITICAL: Use for MolyKit AI chat toolkit. Triggers on: BotClient, OpenAI, SSE streaming, AI chat, molykit, PlatformSend, spawn(), ThreadToken, cross-platfor... | molykit | molykit, critical, ai, chat, toolkit, triggers, botclient, openai, sse, streaming, platformsend, spawn |
+| `moyu` | Anti-over-engineering guardrail that activates when an AI coding agent expands scope, adds abstractions, or changes files the user did not request. | moyu | moyu, anti, engineering, guardrail, activates, ai, coding, agent, expands, scope, adds, abstractions |
| `n8n-expression-syntax` | Validate n8n expression syntax and fix common errors. Use when writing n8n expressions, using {{}} syntax, accessing $json/$node variables, troubleshooting e... | n8n, expression, syntax | n8n, expression, syntax, validate, fix, common, errors, writing, expressions, accessing, json, node |
| `nanobanana-ppt-skills` | AI-powered PPT generation with document analysis and styled images | nanobanana, ppt, skills | nanobanana, ppt, skills, ai, powered, generation, document, analysis, styled, images |
| `neon-postgres` | Configure Prisma for Neon with connection pooling. | neon, postgres | neon, postgres, configure, prisma, connection, pooling |
@@ -603,7 +604,7 @@ Total skills: 1306
| `zod-validation-expert` | Expert in Zod β TypeScript-first schema validation. Covers parsing, custom errors, refinements, type inference, and integration with React Hook Form, Next.js... | zod, validation | zod, validation, typescript, first, schema, covers, parsing, custom, errors, refinements, type, inference |
| `zustand-store-ts` | Create Zustand stores following established patterns with proper TypeScript types and middleware. | zustand, store, ts | zustand, store, ts, stores, following, established, proper, typescript, types, middleware |
-## general (316)
+## general (317)
| Skill | Description | Tags | Triggers |
| --- | --- | --- | --- |
@@ -915,6 +916,7 @@ Total skills: 1306
| `wiki-page-writer` | You are a senior documentation engineer that generates comprehensive technical documentation pages with evidence-based depth. | wiki, page, writer | wiki, page, writer, senior, documentation, engineer, generates, technical, pages, evidence, depth |
| `wiki-researcher` | You are an expert software engineer and systems analyst. Use when user asks "how does X work" with expectation of depth, user wants to understand a complex s... | wiki, researcher | wiki, researcher, software, engineer, analyst, user, asks, how, does, work, expectation, depth |
| `wiki-vitepress` | Transform generated wiki Markdown files into a polished VitePress static site with dark theme and interactive Mermaid diagrams. Use when user asks to "build ... | wiki, vitepress | wiki, vitepress, transform, generated, markdown, files, polished, static, site, dark, theme, interactive |
+| `windows-shell-reliability` | Reliable command execution on Windows: paths, encoding, and common binary pitfalls. | windows, shell, reliability | windows, shell, reliability, reliable, command, execution, paths, encoding, common, binary, pitfalls |
| `writing-plans` | Use when you have a spec or requirements for a multi-step task, before touching code | writing, plans | writing, plans, spec, requirements, multi, step, task, before, touching, code |
| `writing-skills` | Use when creating, updating, or improving agent skills. | writing, skills | writing, skills, creating, updating, improving, agent |
| `x-article-publisher-skill` | Publish articles to X/Twitter | x, article, publisher, skill | x, article, publisher, skill, publish, articles, twitter |
@@ -1251,7 +1253,7 @@ Total skills: 1306
| `wiki-qa` | Answer repository questions grounded entirely in source code evidence. Use when user asks a question about the codebase, user wants to understand a specific ... | wiki, qa | wiki, qa, answer, repository, questions, grounded, entirely, source, code, evidence, user, asks |
| `windows-privilege-escalation` | Provide systematic methodologies for discovering and exploiting privilege escalation vulnerabilities on Windows systems during penetration testing engagements. | windows, privilege, escalation | windows, privilege, escalation, provide, systematic, methodologies, discovering, exploiting, vulnerabilities, during, penetration, testing |
-## workflow (99)
+## workflow (100)
| Skill | Description | Tags | Triggers |
| --- | --- | --- | --- |
@@ -1305,6 +1307,7 @@ Total skills: 1306
| `instagram-automation` | Automate Instagram tasks via Rube MCP (Composio): create posts, carousels, manage media, get insights, and publishing limits. Always search tools first for c... | instagram | instagram, automation, automate, tasks, via, rube, mcp, composio, posts, carousels, media, get |
| `intercom-automation` | Automate Intercom tasks via Rube MCP (Composio): conversations, contacts, companies, segments, admins. Always search tools first for current schemas. | intercom | intercom, automation, automate, tasks, via, rube, mcp, composio, conversations, contacts, companies, segments |
| `jira-automation` | Automate Jira tasks via Rube MCP (Composio): issues, projects, sprints, boards, comments, users. Always search tools first for current schemas. | jira | jira, automation, automate, tasks, via, rube, mcp, composio, issues, sprints, boards, comments |
+| `jobgpt` | Job search automation, auto apply, resume generation, application tracking, salary intelligence, and recruiter outreach using the JobGPT MCP server. | jobgpt | jobgpt, job, search, automation, auto, apply, resume, generation, application, tracking, salary, intelligence |
| `kaizen` | Guide for continuous improvement, error proofing, and standardization. Use this skill when the user wants to improve code quality, refactor, or discuss proce... | kaizen | kaizen, continuous, improvement, error, proofing, standardization, skill, user, wants, improve, code, quality |
| `klaviyo-automation` | Automate Klaviyo tasks via Rube MCP (Composio): manage email/SMS campaigns, inspect campaign messages, track tags, and monitor send jobs. Always search tools... | klaviyo | klaviyo, automation, automate, tasks, via, rube, mcp, composio, email, sms, campaigns, inspect |
| `libreoffice/impress` | Presentation creation, format conversion (ODP/PPTX/PDF), slide automation with LibreOffice Impress. | libreoffice/impress | libreoffice/impress, impress, presentation, creation, format, conversion, odp, pptx, pdf, slide, automation, libreoffice |
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e2405cee..a6933aa6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,48 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased]
+## [8.7.0] - 2026-03-23 - "Reference Recovery and Release Reliability"
+
+> Installable skill library update for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and related AI coding assistants.
+
+Start here:
+
+- Install: `npx antigravity-awesome-skills`
+- Choose your tool: [README -> Choose Your Tool](https://github.com/sickn33/antigravity-awesome-skills#choose-your-tool)
+- Best skills by tool: [README -> Best Skills By Tool](https://github.com/sickn33/antigravity-awesome-skills#best-skills-by-tool)
+- Bundles: [docs/users/bundles.md](https://github.com/sickn33/antigravity-awesome-skills/blob/main/docs/users/bundles.md)
+- Workflows: [docs/users/workflows.md](https://github.com/sickn33/antigravity-awesome-skills/blob/main/docs/users/workflows.md)
+
+This release packages the maintainer sweep after `v8.6.0`: restored missing C++ reference material, added three new community skills plus the maintainer-integrated `jobgpt` skill, and fixed the Jetski lazy-loader example so release validation no longer fails on a raw TypeScript import.
+
+## New Skills
+
+- **moyu** - anti-over-engineering guardrails for AI coding agents that need to stay narrowly scoped and prefer the smallest viable change (PR #384)
+- **windows-shell-reliability** - practical Windows PowerShell and CMD guidance for encoding, quoting, logging, and detached process launches (PR #386)
+- **jobgpt** - JobGPT MCP integration for job search automation, resume generation, application tracking, salary insights, and recruiter outreach (local maintainer integration from PR #388)
+
+## Improvements
+
+- **cpp-pro restoration**: Restored the missing `cpp-pro` nested reference guides and implementation playbook so the skill's documented deep links work again (PR #383, issue #382).
+- **Release reliability**: Converted the Jetski Gemini loader example from `loader.ts` to a directly importable `loader.mjs`, updated repo references, and restored green local test coverage for the release pipeline.
+- **Registry sync**: Refreshed `README.md`, `CATALOG.md`, `skills_index.json`, `data/catalog.json`, `data/bundles.json`, contributors, and tracked web assets so `main` now reflects `1,309+` indexed skills.
+- **Metadata hardening**: Brought the merged `moyu` skill back within the frozen validation warning budget by adding explicit metadata and a `When to Use` section.
+
+## Who should care
+
+- **Claude Code and Cursor users** get four new or newly repaired skills, including scope-control guidance, better Windows shell reliability tips, and restored `cpp-pro` deep-dive references.
+- **Codex CLI and Gemini CLI users** benefit from the same skill additions plus a working Jetski lazy-loader example that can now be imported directly in Node-based host setups.
+- **Maintainers** get a release path that is green again end-to-end, with generated registry artifacts and contributor data re-synced on `main`.
+
+## Credits
+
+- **[@Champbreed](https://github.com/Champbreed)** for restoring the `cpp-pro` references in PR #383
+- **[@uucz](https://github.com/uucz)** for the new `moyu` skill in PR #384
+- **[@terryspitz](https://github.com/terryspitz)** for the new `windows-shell-reliability` skill in PR #386
+- **[@captainjackrana](https://github.com/captainjackrana)** for the original `jobgpt` contribution in PR #388
+
+Upgrade now: `git pull origin main` to fetch the latest skills.
+
## [8.6.0] - 2026-03-22 - "Targeted Activation and Catalog Cleanup"
> Installable skill library update for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and related AI coding assistants.
diff --git a/README.md b/README.md
index 31ce45dd..8f27b0ed 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
-
-# π Antigravity Awesome Skills: 1,306+ Agentic Skills for Claude Code, Gemini CLI, Cursor, Copilot & More
+
+# π Antigravity Awesome Skills: 1,309+ Agentic Skills for Claude Code, Gemini CLI, Cursor, Copilot & More
-> **Installable GitHub library of 1,306+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and other AI coding assistants.**
+> **Installable GitHub library of 1,309+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and other AI coding assistants.**
Antigravity Awesome Skills is a GitHub repository and installer CLI for reusable `SKILL.md` playbooks. Instead of collecting random prompts, you get a searchable, installable skill library for planning, coding, debugging, testing, security review, infrastructure work, product workflows, and growth tasks across the major AI coding assistants.
@@ -26,7 +26,7 @@ Antigravity Awesome Skills is a GitHub repository and installer CLI for reusable
- **Installable, not just inspirational**: use `npx antigravity-awesome-skills` to put skills where your tool expects them.
- **Built for major agent workflows**: Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, Kiro, OpenCode, Copilot, and more.
-- **Broad coverage with real utility**: 1,306+ skills across development, testing, security, infrastructure, product, and marketing.
+- **Broad coverage with real utility**: 1,309+ skills across development, testing, security, infrastructure, product, and marketing.
- **Faster onboarding**: bundles and workflows reduce the time from "I found this repo" to "I used my first skill".
- **Useful whether you want breadth or curation**: browse the full catalog, start with top bundles, or compare alternatives before installing.
@@ -43,7 +43,7 @@ Antigravity Awesome Skills is a GitHub repository and installer CLI for reusable
- [π§ Antigravity Workflows](#antigravity-workflows)
- [βοΈ Alternatives & Comparisons](#alternatives--comparisons)
- [π¦ Features & Categories](#features--categories)
-- [π Browse 1,306+ Skills](#browse-1306-skills)
+- [π Browse 1,309+ Skills](#browse-1309-skills)
- [π€ Contributing](#contributing)
- [π¬ Community](#community)
- [β Support the Project](#support-the-project)
@@ -179,7 +179,7 @@ This installs the same repository-backed skill library through Claude Code's plu
## Best Skills By Tool
-If you want a faster answer than "browse all 1,306+ skills", start with a tool-specific guide:
+If you want a faster answer than "browse all 1,309+ skills", start with a tool-specific guide:
- **[Claude Code skills](docs/users/claude-code-skills.md)**: install paths, starter skills, prompt examples, and plugin marketplace flow.
- **[Cursor skills](docs/users/cursor-skills.md)**: best starter skills for `.cursor/skills/`, UI-heavy work, and pair-programming flows.
@@ -341,7 +341,7 @@ The repository is organized into specialized domains to transform your AI into a
Counts change as new skills are added. For the current full registry, see [CATALOG.md](CATALOG.md).
-## Browse 1,306+ Skills
+## Browse 1,309+ Skills
- Open the interactive browser in [`apps/web-app`](apps/web-app).
- Read the full catalog in [`CATALOG.md`](CATALOG.md).
@@ -652,8 +652,6 @@ We officially thank the following contributors for their help in making this rep
- [@wd041216-bit](https://github.com/wd041216-bit)
- [@conorbronsdon](https://github.com/conorbronsdon)
- [@ChaosRealmsAI](https://github.com/ChaosRealmsAI)
-- [@kriptoburak](https://github.com/kriptoburak)
-- [@BenedictKing](https://github.com/BenedictKing)
- [@fernandezbaptiste](https://github.com/fernandezbaptiste)
- [@acbhatt12](https://github.com/acbhatt12)
- [@Andruia](https://github.com/Andruia)
diff --git a/apps/web-app/public/sitemap.xml b/apps/web-app/public/sitemap.xml
index c37a2506..4d68e081 100644
--- a/apps/web-app/public/sitemap.xml
+++ b/apps/web-app/public/sitemap.xml
@@ -6,6 +6,18 @@
daily
1.0
+
+ http://localhost/skill/jobgpt
+ 2026-03-23
+ weekly
+ 0.7
+
+
+ http://localhost/skill/moyu
+ 2026-03-23
+ weekly
+ 0.7
+
http://localhost/skill/gdb-cli
2026-03-23
@@ -210,6 +222,12 @@
weekly
0.7
+
+ http://localhost/skill/windows-shell-reliability
+ 2026-03-23
+ weekly
+ 0.7
+
http://localhost/skill/advanced-evaluation
2026-03-23
@@ -228,22 +246,4 @@
weekly
0.7
-
- http://localhost/skill/hono
- 2026-03-23
- weekly
- 0.7
-
-
- http://localhost/skill/landing-page-generator
- 2026-03-23
- weekly
- 0.7
-
-
- http://localhost/skill/openclaw-github-repo-commander
- 2026-03-23
- weekly
- 0.7
-
diff --git a/apps/web-app/public/skills.json.backup b/apps/web-app/public/skills.json.backup
index 2b20d29c..103d4fbd 100644
--- a/apps/web-app/public/skills.json.backup
+++ b/apps/web-app/public/skills.json.backup
@@ -6989,6 +6989,16 @@
"source": "community",
"date_added": "2026-02-27"
},
+ {
+ "id": "jobgpt",
+ "path": "skills/jobgpt",
+ "category": "uncategorized",
+ "name": "jobgpt",
+ "description": "Job search automation, auto apply, resume generation, application tracking, salary intelligence, and recruiter outreach using the JobGPT MCP server.",
+ "risk": "safe",
+ "source": "community",
+ "date_added": "2026-03-23"
+ },
{
"id": "json-canvas",
"path": "skills/json-canvas",
@@ -8129,6 +8139,16 @@
"source": "community",
"date_added": "2026-02-27"
},
+ {
+ "id": "moyu",
+ "path": "skills/moyu",
+ "category": "ai-ml",
+ "name": "moyu",
+ "description": "Anti-over-engineering guardrail that activates when an AI coding agent expands scope, adds abstractions, or changes files the user did not request.\n",
+ "risk": "safe",
+ "source": "community",
+ "date_added": "2026-03-23"
+ },
{
"id": "mtls-configuration",
"path": "skills/mtls-configuration",
@@ -12749,6 +12769,16 @@
"source": "community",
"date_added": "2026-02-27"
},
+ {
+ "id": "windows-shell-reliability",
+ "path": "skills/windows-shell-reliability",
+ "category": "uncategorized",
+ "name": "windows-shell-reliability",
+ "description": "Reliable command execution on Windows: paths, encoding, and common binary pitfalls.",
+ "risk": "safe",
+ "source": "community",
+ "date_added": "2026-03-19"
+ },
{
"id": "wireshark-analysis",
"path": "skills/wireshark-analysis",
diff --git a/data/bundles.json b/data/bundles.json
index dc69fab6..24b9e61a 100644
--- a/data/bundles.json
+++ b/data/bundles.json
@@ -804,6 +804,7 @@
"interactive-portfolio",
"intercom-automation",
"jira-automation",
+ "jobgpt",
"klaviyo-automation",
"kubernetes-deployment",
"langgraph",
diff --git a/data/catalog.json b/data/catalog.json
index 2add34e1..f01e3cae 100644
--- a/data/catalog.json
+++ b/data/catalog.json
@@ -1,6 +1,6 @@
{
"generatedAt": "2026-02-08T00:00:00.000Z",
- "total": 1306,
+ "total": 1309,
"skills": [
{
"id": "00-andruia-consultant",
@@ -17144,6 +17144,30 @@
],
"path": "skills/jira-automation/SKILL.md"
},
+ {
+ "id": "jobgpt",
+ "name": "jobgpt",
+ "description": "Job search automation, auto apply, resume generation, application tracking, salary intelligence, and recruiter outreach using the JobGPT MCP server.",
+ "category": "workflow",
+ "tags": [
+ "jobgpt"
+ ],
+ "triggers": [
+ "jobgpt",
+ "job",
+ "search",
+ "automation",
+ "auto",
+ "apply",
+ "resume",
+ "generation",
+ "application",
+ "tracking",
+ "salary",
+ "intelligence"
+ ],
+ "path": "skills/jobgpt/SKILL.md"
+ },
{
"id": "json-canvas",
"name": "json-canvas",
@@ -20052,6 +20076,30 @@
],
"path": "skills/moodle-external-api-development/SKILL.md"
},
+ {
+ "id": "moyu",
+ "name": "moyu",
+ "description": "Anti-over-engineering guardrail that activates when an AI coding agent expands scope, adds abstractions, or changes files the user did not request.",
+ "category": "data-ai",
+ "tags": [
+ "moyu"
+ ],
+ "triggers": [
+ "moyu",
+ "anti",
+ "engineering",
+ "guardrail",
+ "activates",
+ "ai",
+ "coding",
+ "agent",
+ "expands",
+ "scope",
+ "adds",
+ "abstractions"
+ ],
+ "path": "skills/moyu/SKILL.md"
+ },
{
"id": "mtls-configuration",
"name": "mtls-configuration",
@@ -31286,6 +31334,31 @@
],
"path": "skills/windows-privilege-escalation/SKILL.md"
},
+ {
+ "id": "windows-shell-reliability",
+ "name": "windows-shell-reliability",
+ "description": "Reliable command execution on Windows: paths, encoding, and common binary pitfalls.",
+ "category": "general",
+ "tags": [
+ "windows",
+ "shell",
+ "reliability"
+ ],
+ "triggers": [
+ "windows",
+ "shell",
+ "reliability",
+ "reliable",
+ "command",
+ "execution",
+ "paths",
+ "encoding",
+ "common",
+ "binary",
+ "pitfalls"
+ ],
+ "path": "skills/windows-shell-reliability/SKILL.md"
+ },
{
"id": "wireshark-analysis",
"name": "wireshark-analysis",
diff --git a/docs/integrations/jetski-cortex.md b/docs/integrations/jetski-cortex.md
index e2f85e49..0b6401f3 100644
--- a/docs/integrations/jetski-cortex.md
+++ b/docs/integrations/jetski-cortex.md
@@ -1,9 +1,9 @@
---
title: Jetski/Cortex + Gemini Integration Guide
-description: "Come usare antigravity-awesome-skills con Jetski/Cortex evitando lβoverflow di contesto con 1.306+ skill."
+description: "Come usare antigravity-awesome-skills con Jetski/Cortex evitando lβoverflow di contesto con 1.309+ skill."
---
-# Jetski/Cortex + Gemini: integrazione sicura con 1.306+ skill
+# Jetski/Cortex + Gemini: integrazione sicura con 1.309+ skill
Questa guida mostra come integrare il repository `antigravity-awesome-skills` con un agente basato su **Jetski/Cortex + Gemini** (o framework simili) **senza superare il context window** del modello.
@@ -23,7 +23,7 @@ Non bisogna mai:
- concatenare il contenuto di tutte le `SKILL.md` in un singolo system prompt;
- reiniettare lβintera libreria per **ogni** richiesta.
-Con oltre 1.306 skill, questo approccio riempie il context window prima ancora di aggiungere i messaggi dellβutente, causando lβerrore di truncation.
+Con oltre 1.309 skill, questo approccio riempie il context window prima ancora di aggiungere i messaggi dellβutente, causando lβerrore di truncation.
---
diff --git a/docs/integrations/jetski-gemini-loader/README.md b/docs/integrations/jetski-gemini-loader/README.md
index 625a915c..f227e1b2 100644
--- a/docs/integrations/jetski-gemini-loader/README.md
+++ b/docs/integrations/jetski-gemini-loader/README.md
@@ -20,13 +20,13 @@ This example shows one way to integrate **antigravity-awesome-skills** with a Je
- How to enforce a **maximum number of skills per turn** via `maxSkillsPerTurn`.
- How to choose whether to **truncate or error** when too many skills are requested via `overflowBehavior`.
-This pattern avoids context overflow when you have 1,306+ skills installed.
+This pattern avoids context overflow when you have 1,309+ skills installed.
---
## Files
-- `loader.ts`
+- `loader.mjs`
- Implements:
- `loadSkillIndex(indexPath)`;
- `resolveSkillsFromMessages(messages, index, maxSkills)`;
@@ -45,7 +45,7 @@ import {
loadSkillIndex,
buildModelMessages,
Message,
-} from "./loader";
+} from "./loader.mjs";
const REPO_ROOT = "/path/to/antigravity-awesome-skills";
const SKILLS_ROOT = REPO_ROOT;
@@ -86,7 +86,7 @@ Adapt the paths and model call to your environment.
- **Do not** iterate through `skills/*/SKILL.md` and load everything at once.
- This example:
- assumes skills live under the same repo root as `data/skills_index.json`;
- - uses Node.js `fs`/`path` APIs and TypeScript types for clarity.
+ - uses a plain Node.js ESM module so it can be imported directly without a TypeScript runtime.
- In a real host:
- wire `buildModelMessages` into the point where you currently assemble the prompt before `TrajectoryChatConverter`;
- consider `overflowBehavior: "error"` if you want a clear user-facing failure instead of silently dropping extra skills;
diff --git a/docs/integrations/jetski-gemini-loader/loader.ts b/docs/integrations/jetski-gemini-loader/loader.mjs
similarity index 64%
rename from docs/integrations/jetski-gemini-loader/loader.ts
rename to docs/integrations/jetski-gemini-loader/loader.mjs
index 382277ec..0c0f0578 100644
--- a/docs/integrations/jetski-gemini-loader/loader.ts
+++ b/docs/integrations/jetski-gemini-loader/loader.mjs
@@ -1,27 +1,28 @@
import fs from "fs";
import path from "path";
-export type SkillMeta = {
- id: string;
- path: string;
- name: string;
- description?: string;
- category?: string;
- risk?: string;
-};
+/**
+ * @typedef {{
+ * id: string,
+ * path: string,
+ * name: string,
+ * description?: string,
+ * category?: string,
+ * risk?: string,
+ * }} SkillMeta
+ */
-export type Message = {
- role: "system" | "user" | "assistant";
- content: string;
-};
+/**
+ * @typedef {{
+ * role: "system" | "user" | "assistant",
+ * content: string,
+ * }} Message
+ */
const SKILL_ID_REGEX = /@([a-zA-Z0-9-_./]+)/g;
-function collectReferencedSkillIds(
- messages: Message[],
- index: Map
-): string[] {
- const referencedSkillIds = new Set();
+function collectReferencedSkillIds(messages, index) {
+ const referencedSkillIds = new Set();
for (const msg of messages) {
for (const match of msg.content.matchAll(SKILL_ID_REGEX)) {
@@ -35,7 +36,7 @@ function collectReferencedSkillIds(
return [...referencedSkillIds];
}
-function assertValidMaxSkills(maxSkills: number): number {
+function assertValidMaxSkills(maxSkills) {
if (!Number.isInteger(maxSkills) || maxSkills < 1) {
throw new Error("maxSkills must be a positive integer.");
}
@@ -43,10 +44,10 @@ function assertValidMaxSkills(maxSkills: number): number {
return maxSkills;
}
-export function loadSkillIndex(indexPath: string): Map {
+export function loadSkillIndex(indexPath) {
const raw = fs.readFileSync(indexPath, "utf8");
- const arr = JSON.parse(raw) as SkillMeta[];
- const map = new Map();
+ const arr = JSON.parse(raw);
+ const map = new Map();
for (const meta of arr) {
map.set(meta.id, meta);
@@ -55,15 +56,11 @@ export function loadSkillIndex(indexPath: string): Map {
return map;
}
-export function resolveSkillsFromMessages(
- messages: Message[],
- index: Map,
- maxSkills: number
-): SkillMeta[] {
+export function resolveSkillsFromMessages(messages, index, maxSkills) {
const skillLimit = assertValidMaxSkills(maxSkills);
const referencedSkillIds = collectReferencedSkillIds(messages, index);
- const metas: SkillMeta[] = [];
+ const metas = [];
for (const id of referencedSkillIds) {
const meta = index.get(id);
if (meta) {
@@ -77,11 +74,8 @@ export function resolveSkillsFromMessages(
return metas;
}
-export async function loadSkillBodies(
- skillsRoot: string,
- metas: SkillMeta[]
-): Promise {
- const bodies: string[] = [];
+export async function loadSkillBodies(skillsRoot, metas) {
+ const bodies = [];
const rootPath = path.resolve(skillsRoot);
const rootRealPath = await fs.promises.realpath(rootPath);
@@ -95,13 +89,17 @@ export async function loadSkillBodies(
const skillDirStat = await fs.promises.lstat(skillDirPath);
if (!skillDirStat.isDirectory() || skillDirStat.isSymbolicLink()) {
- throw new Error(`Skill directory must be a regular directory inside the skills root: ${meta.id}`);
+ throw new Error(
+ `Skill directory must be a regular directory inside the skills root: ${meta.id}`,
+ );
}
const fullPath = path.join(skillDirPath, "SKILL.md");
const skillFileStat = await fs.promises.lstat(fullPath);
if (!skillFileStat.isFile() || skillFileStat.isSymbolicLink()) {
- throw new Error(`SKILL.md must be a regular file inside the skills root: ${meta.id}`);
+ throw new Error(
+ `SKILL.md must be a regular file inside the skills root: ${meta.id}`,
+ );
}
const realPath = await fs.promises.realpath(fullPath);
@@ -117,14 +115,7 @@ export async function loadSkillBodies(
return bodies;
}
-export async function buildModelMessages(options: {
- baseSystemMessages: Message[];
- trajectory: Message[];
- skillIndex: Map;
- skillsRoot: string;
- maxSkillsPerTurn?: number;
- overflowBehavior?: "truncate" | "error";
-}): Promise {
+export async function buildModelMessages(options) {
const {
baseSystemMessages,
trajectory,
@@ -136,19 +127,16 @@ export async function buildModelMessages(options: {
const skillLimit = assertValidMaxSkills(maxSkillsPerTurn);
const referencedSkillIds = collectReferencedSkillIds(trajectory, skillIndex);
- if (
- overflowBehavior === "error" &&
- referencedSkillIds.length > skillLimit
- ) {
+ if (overflowBehavior === "error" && referencedSkillIds.length > skillLimit) {
throw new Error(
- `Too many skills requested in a single turn. Reduce @skill-id usage to ${skillLimit} or fewer.`
+ `Too many skills requested in a single turn. Reduce @skill-id usage to ${skillLimit} or fewer.`,
);
}
const selectedMetas = resolveSkillsFromMessages(
trajectory,
skillIndex,
- skillLimit
+ skillLimit,
);
if (selectedMetas.length === 0) {
@@ -157,7 +145,7 @@ export async function buildModelMessages(options: {
const skillBodies = await loadSkillBodies(skillsRoot, selectedMetas);
- const skillMessages: Message[] = skillBodies.map((body) => ({
+ const skillMessages = skillBodies.map((body) => ({
role: "system",
content: body,
}));
diff --git a/docs/maintainers/repo-growth-seo.md b/docs/maintainers/repo-growth-seo.md
index 6eecf385..12124106 100644
--- a/docs/maintainers/repo-growth-seo.md
+++ b/docs/maintainers/repo-growth-seo.md
@@ -6,7 +6,7 @@ This document keeps the repository's GitHub-facing discovery copy aligned with t
Preferred positioning:
-> Installable GitHub library of 1,306+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and other AI coding assistants.
+> Installable GitHub library of 1,309+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and other AI coding assistants.
Key framing:
@@ -20,7 +20,7 @@ Key framing:
Preferred description:
-> Installable GitHub library of 1,306+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.
+> Installable GitHub library of 1,309+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.
Preferred homepage:
@@ -28,7 +28,7 @@ Preferred homepage:
Preferred social preview:
-- use a clean preview image that says `1,306+ Agentic Skills`;
+- use a clean preview image that says `1,309+ Agentic Skills`;
- mention Claude Code, Cursor, Codex CLI, and Gemini CLI;
- avoid dense text and tiny logos that disappear in social cards.
diff --git a/docs/maintainers/security-findings-triage-2026-03-15.csv b/docs/maintainers/security-findings-triage-2026-03-15.csv
index ddcc036e..8ee04033 100644
--- a/docs/maintainers/security-findings-triage-2026-03-15.csv
+++ b/docs/maintainers/security-findings-triage-2026-03-15.csv
@@ -9,7 +9,7 @@ https://chatgpt.com/codex/security/findings/24940dbf717081919c799c7f3e1481e6,sic
https://chatgpt.com/codex/security/findings/ad700289b03c8191a2b256e0b9a72e24,sickn33/antigravity-awesome-skills,https://github.com/sickn33/antigravity-awesome-skills,Symlinked file copy in Microsoft skill sync can leak host data,"The newly added `scripts/sync_microsoft_skills.py` copies all non-SKILL files from the cloned Microsoft repository into `skills/official/microsoft`. It uses `Path.is_file()` and `shutil.copy2()` without disabling symlink following. If an attacker can introduce a symlinked file in the upstream repo (or a compromised mirror), the script will dereference it and copy the target file contents (e.g., `/proc/self/environ`, `~/.ssh/*`) into the skills directory. When run in CI or a maintainer environment, this enables unintended disclosure of host files and secrets through the generated artifacts.",medium,new,2026-03-13T21:49:30.432277Z,2026-02-11 20:36:09 +0500,ar27111994@gmail.com,,,false,user-fuMnwbfSqxaibK03vsOVrTVI:github-1134426800,17bce709dedfbbdbcc836c0ca24eaa85713fca66,scripts/sync_microsoft_skills.py,,226f10c2a62fc182b4e93458bddea2e60f9b0cb9,tools/scripts/sync_microsoft_skills.py,duplicate of another finding,Microsoft sync resolved symlinked skill directories and copied files without proving the resolved source stayed inside the cloned repo.,filesystem-trust-boundary,Symlink file copying in .github/skills sync leaks host files,Same origin/main behavior as finding 7: the Microsoft sync path trusted resolved symlink targets and copied files from them.,Fix once in sync_microsoft_skills.py by constraining resolved paths to the clone root.,python3 tools/scripts/tests/test_sync_microsoft_skills_security.py,codex/security-filesystem-trust-boundary
https://chatgpt.com/codex/security/findings/7dd6119817408191b7e18678576a958a,sickn33/antigravity-awesome-skills,https://github.com/sickn33/antigravity-awesome-skills,Committed Python bytecode can hide malicious logic,"This update introduces compiled Python bytecode files (core.cpython-314.pyc and design_system.cpython-314.pyc) into the repository. When search.py imports core or design_system, Python will prefer a valid __pycache__ bytecode file over the source module if the timestamp/hash matches the runtime interpreter. This enables a supplyβchain backdoor: malicious code could be embedded in the .pyc while the .py source remains benign, leading to arbitrary code execution when users run the skill scripts.",medium,new,2026-03-13T22:32:57.904438Z,2026-01-16 17:34:54 +0100,samujackson1337@gmail.com,,,false,user-fuMnwbfSqxaibK03vsOVrTVI:github-1134426800,faf478f38907e0929f921bcff73557d57ea97247,skills/ui-ux-pro-max/scripts/search.py | skills/ui-ux-pro-max/scripts/__pycache__/core.cpython-314.pyc | skills/ui-ux-pro-max/scripts/__pycache__/design_system.cpython-314.pyc,,226f10c2a62fc182b4e93458bddea2e60f9b0cb9,skills/ui-ux-pro-max/scripts/__pycache__/core.cpython-314.pyc | skills/ui-ux-pro-max/scripts/__pycache__/design_system.cpython-314.pyc,still present but low practical risk,Compiled Python bytecode was committed alongside source.,robustness,Committed Python bytecode can hide malicious logic,"On origin/main, tracked __pycache__ artifacts were still present under skills/ui-ux-pro-max/scripts, which is review-hostile but not independently exploitable.",Remove tracked bytecode artifacts and rely on source-only review plus .gitignore.,node tools/scripts/tests/repo_hygiene_security.test.js,codex/security-robustness
https://chatgpt.com/codex/security/findings/eee41bc6b7bc819186c798ae59fa94a2,sickn33/antigravity-awesome-skills,https://github.com/sickn33/antigravity-awesome-skills,Symlinked SKILL.md can leak host files via index script,"scripts/generate_index.py walks the skills tree and opens any SKILL.md it finds. Because it does not verify that SKILL.md is a regular file within the skills directory, a contributor can add a SKILL.md symlink pointing to a sensitive file on the build host (e.g., ~/.ssh/id_rsa or /proc/self/environ). When maintainers run the script, it will read that file and embed the extracted content into skills_index.json, which may later be committed or published as an artifact. This is a supply-chain info disclosure risk introduced by the new script.",medium,new,2026-03-13T22:33:24.826296Z,2026-01-14 20:49:05 +0100,samujackson1337@gmail.com,,,false,user-fuMnwbfSqxaibK03vsOVrTVI:github-1134426800,d32f89a21169fbc77bed59b325e3df17f85d2fad,scripts/generate_index.py,,226f10c2a62fc182b4e93458bddea2e60f9b0cb9,tools/scripts/generate_index.py,still present but low practical risk,Index generation read symlinked SKILL.md files without checking that the target stayed inside the repo.,filesystem-trust-boundary,Symlinked SKILL.md can leak host files via index script,"On origin/main, generate_index.py opened every SKILL.md it found via os.walk and did not skip symlinked SKILL.md files, so a malicious local symlink could exfiltrate another file into index metadata generation.",Skip symlinked SKILL.md files during indexing.,python3 tools/scripts/tests/test_frontmatter_parsing_security.py,codex/security-filesystem-trust-boundary
-https://chatgpt.com/codex/security/findings/c0c1181e19dc81919d5b20f2288dc348,sickn33/antigravity-awesome-skills,https://github.com/sickn33/antigravity-awesome-skills,"Example loader trusts manifest paths, enabling file read","The added example loader builds file paths from skills_index.json metadata and reads SKILL.md without validating that the resolved path stays within the skills root or that it is not a symlink. If a malicious contributor supplies a crafted skills_index.json entry or a symlinked SKILL.md in the skills tree, a user who runs this loader and references that skill can end up reading and sending local file contents to the model. This is an information disclosure risk in supply-chain scenarios and should be mitigated by normalizing paths, enforcing a skillsRoot prefix check, and rejecting symlinks via lstat/realpath.",low,new,2026-03-13T20:55:25.060750Z,2026-03-11 15:42:35 +0100,samujackson1337@gmail.com,,,false,user-fuMnwbfSqxaibK03vsOVrTVI:github-1134426800,a41f1a4d613c8c0acb424abaa11b6a6f84f3f0ba,examples/jetski-gemini-loader/loader.ts,,226f10c2a62fc182b4e93458bddea2e60f9b0cb9,docs/integrations/jetski-gemini-loader/loader.ts,obsolete/not reproducible on current HEAD,Historical manifest-path trust in the Jetski loader example.,,,"On origin/main, the loader example resolves the requested file and rejects any path whose path.relative escapes the configured skills root, so the reported direct file read no longer reproduces.",n/a,n/a,
+https://chatgpt.com/codex/security/findings/c0c1181e19dc81919d5b20f2288dc348,sickn33/antigravity-awesome-skills,https://github.com/sickn33/antigravity-awesome-skills,"Example loader trusts manifest paths, enabling file read","The added example loader builds file paths from skills_index.json metadata and reads SKILL.md without validating that the resolved path stays within the skills root or that it is not a symlink. If a malicious contributor supplies a crafted skills_index.json entry or a symlinked SKILL.md in the skills tree, a user who runs this loader and references that skill can end up reading and sending local file contents to the model. This is an information disclosure risk in supply-chain scenarios and should be mitigated by normalizing paths, enforcing a skillsRoot prefix check, and rejecting symlinks via lstat/realpath.",low,new,2026-03-13T20:55:25.060750Z,2026-03-11 15:42:35 +0100,samujackson1337@gmail.com,,,false,user-fuMnwbfSqxaibK03vsOVrTVI:github-1134426800,a41f1a4d613c8c0acb424abaa11b6a6f84f3f0ba,examples/jetski-gemini-loader/loader.mjs,,226f10c2a62fc182b4e93458bddea2e60f9b0cb9,docs/integrations/jetski-gemini-loader/loader.mjs,obsolete/not reproducible on current HEAD,Historical manifest-path trust in the Jetski loader example.,,,"On origin/main, the loader example resolves the requested file and rejects any path whose path.relative escapes the configured skills root, so the reported direct file read no longer reproduces.",n/a,n/a,
https://chatgpt.com/codex/security/findings/bafe0096db1081919bad2ba2ec243f5e,sickn33/antigravity-awesome-skills,https://github.com/sickn33/antigravity-awesome-skills,TLS certificate verification disabled in new scrapers,"The newly added leiloeiros scraping utilities disable TLS certificate verification for all HTTP requests and Playwright page loads. The base scraper uses httpx.AsyncClient with verify=False and Playwright contexts with ignore_https_errors=True, and the fallback scraper repeats verify=False. This allows active network attackers to intercept or tamper with scraped content, potentially poisoning downstream data or leaking any credentials used by the scraper.",low,new,2026-03-13T21:25:34.569244Z,2026-03-07 10:04:07 +0100,renatogracie@gmail.com,,,false,user-fuMnwbfSqxaibK03vsOVrTVI:github-1134426800,61ec71c5c7b9b9eaa12504452deda8da8677ba48,skills/junta-leiloeiros/scripts/scraper/base_scraper.py | skills/junta-leiloeiros/scripts/web_scraper_fallback.py,,226f10c2a62fc182b4e93458bddea2e60f9b0cb9,skills/junta-leiloeiros/scripts/scraper/base_scraper.py | skills/junta-leiloeiros/scripts/web_scraper_fallback.py,still present but low practical risk,HTTP scrapers disabled TLS verification by default.,auth-integrity,TLS certificate verification disabled in new scrapers,"On origin/main, both the base scraper and the direct fallback client instantiated HTTP clients with verify=False / ignore_https_errors=True, which weakens transport integrity but is a local-run scraper risk rather than an application RCE.",Enable TLS verification by default and require an explicit environment opt-out for insecure targets.,python3 tools/scripts/tests/test_junta_tls_security.py,codex/security-auth-integrity
https://chatgpt.com/codex/security/findings/e9dcff2b3f0481918fc76060bd837fb8,sickn33/antigravity-awesome-skills,https://github.com/sickn33/antigravity-awesome-skills,Complete bundle omits valid skill categories,"The new tools/lib/skill-filter.js defines SKILL_CATEGORIES with hardcoded values (core, architecture, etc.) that are not aligned with the real categories stored in skills_index.json (e.g., ""development""). The ""complete"" bundle derives its category list from Object.keys(SKILL_CATEGORIES), so any real category not present in the hardcoded list is silently excluded. This means getSkillsByBundle('complete') will omit many skills, defeating the intent of a complete bundle and potentially confusing consumers who expect full coverage.",low,new,2026-03-13T21:04:11.988883Z,2026-03-07 10:02:18 +0100,169171880+Sayeem3051@users.noreply.github.com,,,false,user-fuMnwbfSqxaibK03vsOVrTVI:github-1134426800,5f6f94b53f9b8afa02d020775a0a172af009baaa,tools/lib/skill-filter.js | skills_index.json,,226f10c2a62fc182b4e93458bddea2e60f9b0cb9,tools/lib/skill-filter.js | tools/scripts/build-catalog.js | data/bundles.json,obsolete/not reproducible on current HEAD,Historical bundle-category omission in a helper path no longer driving shipped bundle data.,,,"On origin/main, shipped bundle data is generated by tools/scripts/build-catalog.js into data/bundles.json; the reported omission in tools/lib/skill-filter.js does not drive current shipped catalog data.",n/a,n/a,
https://chatgpt.com/codex/security/findings/279041383cc08191abdb9dfa99a03f7c,sickn33/antigravity-awesome-skills,https://github.com/sickn33/antigravity-awesome-skills,Malformed frontmatter delimiter breaks YAML parsing for skills,"The commit replaces valid `license:` fields with lines that start with `---`, e.g. `--- Unknown` in `skills/alpha-vantage/SKILL.md`. The frontmatter parser in `lib/skill-utils.js` reads the block between the first and next `---` line and then parses it as YAML. A `---` marker inside the block is treated as a YAML document delimiter, which makes the frontmatter invalid or splits it into multiple documents. As a result, validators and index generation will report frontmatter parse errors and drop metadata for these skills. This is a regression introduced by the automated fixes.",low,new,2026-03-13T21:09:11.726502Z,2026-03-06 09:18:57 +0100,samujackson1337@gmail.com,,,false,user-fuMnwbfSqxaibK03vsOVrTVI:github-1134426800,93d6badcee41fbacc26b427d3f8d5665ea25b7e6,skills/alpha-vantage/SKILL.md | lib/skill-utils.js,,226f10c2a62fc182b4e93458bddea2e60f9b0cb9,skills/alpha-vantage/SKILL.md | tools/lib/skill-utils.js,still present but low practical risk,Malformed local SKILL.md frontmatter caused parser drift and validation noise.,robustness,Malformed frontmatter delimiter breaks YAML parsing for skills,"On origin/main, skills/alpha-vantage/SKILL.md still contained an extra delimiter token (--- Unknown), which caused parser warnings and broken metadata interpretation.",Repair the malformed frontmatter so the file is a valid YAML frontmatter document.,node tools/scripts/tests/repo_hygiene_security.test.js,codex/security-robustness
diff --git a/docs/maintainers/security-findings-triage-2026-03-15.md b/docs/maintainers/security-findings-triage-2026-03-15.md
index eda760a4..d3d7d362 100644
--- a/docs/maintainers/security-findings-triage-2026-03-15.md
+++ b/docs/maintainers/security-findings-triage-2026-03-15.md
@@ -33,7 +33,7 @@
| 8 | medium | Symlinked file copy in Microsoft skill sync can leak host data | `tools/scripts/sync_microsoft_skills.py` | duplicate of another finding | filesystem-trust-boundary | Same origin/main behavior as finding 7: the Microsoft sync path trusted resolved symlink targets and copied files from them. | Fix once in sync_microsoft_skills.py by constraining resolved paths to the clone root. | codex/security-filesystem-trust-boundary |
| 9 | medium | Committed Python bytecode can hide malicious logic | `skills/ui-ux-pro-max/scripts/__pycache__/core.cpython-314.pyc | skills/ui-ux-pro-max/scripts/__pycache__/design_system.cpython-314.pyc` | still present but low practical risk | robustness | On origin/main, tracked __pycache__ artifacts were still present under skills/ui-ux-pro-max/scripts, which is review-hostile but not independently exploitable. | Remove tracked bytecode artifacts and rely on source-only review plus .gitignore. | codex/security-robustness |
| 10 | medium | Symlinked SKILL.md can leak host files via index script | `tools/scripts/generate_index.py` | still present but low practical risk | filesystem-trust-boundary | On origin/main, generate_index.py opened every SKILL.md it found via os.walk and did not skip symlinked SKILL.md files, so a malicious local symlink could exfiltrate another file into index metadata generation. | Skip symlinked SKILL.md files during indexing. | codex/security-filesystem-trust-boundary |
-| 11 | low | Example loader trusts manifest paths, enabling file read | `docs/integrations/jetski-gemini-loader/loader.ts` | obsolete/not reproducible on current HEAD | n/a | On origin/main, the loader example resolves the requested file and rejects any path whose path.relative escapes the configured skills root, so the reported direct file read no longer reproduces. | n/a | n/a |
+| 11 | low | Example loader trusts manifest paths, enabling file read | `docs/integrations/jetski-gemini-loader/loader.mjs` | obsolete/not reproducible on current HEAD | n/a | On origin/main, the loader example resolves the requested file and rejects any path whose path.relative escapes the configured skills root, so the reported direct file read no longer reproduces. | n/a | n/a |
| 12 | low | TLS certificate verification disabled in new scrapers | `skills/junta-leiloeiros/scripts/scraper/base_scraper.py | skills/junta-leiloeiros/scripts/web_scraper_fallback.py` | still present but low practical risk | auth-integrity | On origin/main, both the base scraper and the direct fallback client instantiated HTTP clients with verify=False / ignore_https_errors=True, which weakens transport integrity but is a local-run scraper risk rather than an application RCE. | Enable TLS verification by default and require an explicit environment opt-out for insecure targets. | codex/security-auth-integrity |
| 13 | low | Complete bundle omits valid skill categories | `tools/lib/skill-filter.js | tools/scripts/build-catalog.js | data/bundles.json` | obsolete/not reproducible on current HEAD | n/a | On origin/main, shipped bundle data is generated by tools/scripts/build-catalog.js into data/bundles.json; the reported omission in tools/lib/skill-filter.js does not drive current shipped catalog data. | n/a | n/a |
| 14 | low | Malformed frontmatter delimiter breaks YAML parsing for skills | `skills/alpha-vantage/SKILL.md | tools/lib/skill-utils.js` | still present but low practical risk | robustness | On origin/main, skills/alpha-vantage/SKILL.md still contained an extra delimiter token (--- Unknown), which caused parser warnings and broken metadata interpretation. | Repair the malformed frontmatter so the file is a valid YAML frontmatter document. | codex/security-robustness |
diff --git a/docs/maintainers/security-findings-triage-2026-03-18-addendum.md b/docs/maintainers/security-findings-triage-2026-03-18-addendum.md
index c70062d9..c4426462 100644
--- a/docs/maintainers/security-findings-triage-2026-03-18-addendum.md
+++ b/docs/maintainers/security-findings-triage-2026-03-18-addendum.md
@@ -6,7 +6,7 @@ This addendum supersedes the previous Jetski loader assessment in
## Correction
- Finding: `Example loader trusts manifest paths, enabling file read`
-- Path: `docs/integrations/jetski-gemini-loader/loader.ts`
+- Path: `docs/integrations/jetski-gemini-loader/loader.mjs`
- Previous triage status on 2026-03-15: `obsolete/not reproducible on current HEAD`
- Corrected assessment: the loader was still reproducible via a symlinked
`SKILL.md` that resolved outside `skillsRoot`. A local proof read the linked
diff --git a/docs/maintainers/skills-update-guide.md b/docs/maintainers/skills-update-guide.md
index ef97c349..f007ed29 100644
--- a/docs/maintainers/skills-update-guide.md
+++ b/docs/maintainers/skills-update-guide.md
@@ -69,7 +69,7 @@ For manual updates, you need:
The update process refreshes:
- Skills index (`skills_index.json`)
- Web app skills data (`apps\web-app\public\skills.json`)
-- All 1,306+ skills from the skills directory
+- All 1,309+ skills from the skills directory
## When to Update
diff --git a/docs/users/bundles.md b/docs/users/bundles.md
index fe82a5b5..75b83456 100644
--- a/docs/users/bundles.md
+++ b/docs/users/bundles.md
@@ -579,4 +579,4 @@ Found a skill that should be in a bundle? Or want to create a new bundle? [Open
---
-_Last updated: March 2026 | Total Skills: 1,306+ | Total Bundles: 36_
+_Last updated: March 2026 | Total Skills: 1,309+ | Total Bundles: 36_
diff --git a/docs/users/claude-code-skills.md b/docs/users/claude-code-skills.md
index 0732d5e1..d0f50152 100644
--- a/docs/users/claude-code-skills.md
+++ b/docs/users/claude-code-skills.md
@@ -6,7 +6,7 @@ Antigravity Awesome Skills gives Claude Code users an installable library of `SK
## Why use this repo for Claude Code
-- It includes 1,306+ skills instead of a narrow single-domain starter pack.
+- It includes 1,309+ skills instead of a narrow single-domain starter pack.
- It supports the standard `.claude/skills/` path and the Claude Code plugin marketplace flow.
- It includes onboarding docs, bundles, and workflows so new users do not need to guess where to begin.
- It covers both everyday engineering tasks and specialized work like security reviews, infrastructure, product planning, and documentation.
diff --git a/docs/users/gemini-cli-skills.md b/docs/users/gemini-cli-skills.md
index 63caedac..9b8ed94a 100644
--- a/docs/users/gemini-cli-skills.md
+++ b/docs/users/gemini-cli-skills.md
@@ -8,7 +8,7 @@ Antigravity Awesome Skills supports Gemini CLI through the `.gemini/skills/` pat
- It installs directly into the expected Gemini skills path.
- It includes both core software engineering skills and deeper agent/LLM-oriented skills.
-- It helps new users get started with bundles and workflows rather than forcing a cold start from 1,306+ files.
+- It helps new users get started with bundles and workflows rather than forcing a cold start from 1,309+ files.
- It is useful whether you want a broad internal skill library or a single repo to test many workflows quickly.
## Install Gemini CLI Skills
diff --git a/docs/users/kiro-integration.md b/docs/users/kiro-integration.md
index 97c15d63..351456d8 100644
--- a/docs/users/kiro-integration.md
+++ b/docs/users/kiro-integration.md
@@ -18,7 +18,7 @@ Kiro is AWS's agentic AI IDE that combines:
Kiro's agentic capabilities are enhanced by skills that provide:
-- **Domain expertise** across 1,306+ specialized areas
+- **Domain expertise** across 1,309+ specialized areas
- **Best practices** from Anthropic, OpenAI, Google, Microsoft, and AWS
- **Workflow automation** for common development tasks
- **AWS-specific patterns** for serverless, infrastructure, and cloud architecture
diff --git a/docs/users/usage.md b/docs/users/usage.md
index c22fecff..f0fb743f 100644
--- a/docs/users/usage.md
+++ b/docs/users/usage.md
@@ -12,7 +12,7 @@ Great question! Here's what just happened and what to do next:
When you ran `npx antigravity-awesome-skills` or cloned the repository, you:
-β
**Downloaded 1,306+ skill files** to your computer (default: `~/.gemini/antigravity/skills/`; or a custom path like `~/.agent/skills/` if you used `--path`)
+β
**Downloaded 1,309+ skill files** to your computer (default: `~/.gemini/antigravity/skills/`; or a custom path like `~/.agent/skills/` if you used `--path`)
β
**Made them available** to your AI assistant
β **Did NOT enable them all automatically** (they're just sitting there, waiting)
@@ -32,7 +32,7 @@ Bundles are **recommended lists** of skills grouped by role. They help you decid
**Analogy:**
-- You installed a toolbox with 1,306+ tools (β
done)
+- You installed a toolbox with 1,309+ tools (β
done)
- Bundles are like **labeled organizer trays** saying: "If you're a carpenter, start with these 10 tools"
- You don't install bundlesβyou **pick skills from them**
@@ -192,7 +192,7 @@ Let's actually use a skill right now. Follow these steps:
## Step 5: Picking Your First Skills (Practical Advice)
-Don't try to use all 1,306+ skills at once. Here's a sensible approach:
+Don't try to use all 1,309+ skills at once. Here's a sensible approach:
If you want a tool-specific starting point before choosing skills, use:
@@ -323,7 +323,7 @@ Usually no, but if your AI doesn't recognize a skill:
### "Can I load all skills into the model at once?"
-No. Even though you have 1,306+ skills installed locally, you should **not** concatenate every `SKILL.md` into a single system prompt or context block.
+No. Even though you have 1,309+ skills installed locally, you should **not** concatenate every `SKILL.md` into a single system prompt or context block.
The intended pattern is:
diff --git a/docs/users/visual-guide.md b/docs/users/visual-guide.md
index 375fee47..35386a10 100644
--- a/docs/users/visual-guide.md
+++ b/docs/users/visual-guide.md
@@ -34,7 +34,7 @@ antigravity-awesome-skills/
βββ π CONTRIBUTING.md β Contributor workflow
βββ π CATALOG.md β Full generated catalog
β
-βββ π skills/ β 1,306+ skills live here
+βββ π skills/ β 1,309+ skills live here
β β
β βββ π brainstorming/
β β βββ π SKILL.md β Skill definition
@@ -47,7 +47,7 @@ antigravity-awesome-skills/
β β βββ π 2d-games/
β β βββ π SKILL.md β Nested skills also supported
β β
-β βββ ... (1,306+ total)
+β βββ ... (1,309+ total)
β
βββ π apps/
β βββ π web-app/ β Interactive browser
@@ -100,7 +100,7 @@ antigravity-awesome-skills/
```
βββββββββββββββββββββββββββ
- β 1,306+ SKILLS β
+ β 1,309+ SKILLS β
ββββββββββββββ¬βββββββββββββ
β
ββββββββββββββββββββββββββΌβββββββββββββββββββββββββ
@@ -201,7 +201,7 @@ If you want a workspace-style manual install instead, cloning into `.agent/skill
β βββ π brainstorming/ β
β βββ π stripe-integration/ β
β βββ π react-best-practices/ β
-β βββ ... (1,306+ total) β
+β βββ ... (1,309+ total) β
βββββββββββββββββββββββββββββββββββββββββββ
```
diff --git a/package.json b/package.json
index 60d85c2c..8265382a 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
{
"name": "antigravity-awesome-skills",
"version": "8.6.0",
- "description": "1,306+ agentic skills for Claude Code, Gemini CLI, Cursor, Antigravity & more. Installer CLI.",
+ "description": "1,309+ agentic skills for Claude Code, Gemini CLI, Cursor, Antigravity & more. Installer CLI.",
"license": "MIT",
"scripts": {
"validate": "node tools/scripts/run-python.js tools/scripts/validate_skills.py",
diff --git a/skills/moyu/SKILL.md b/skills/moyu/SKILL.md
index 5bf0b7d3..87c68742 100644
--- a/skills/moyu/SKILL.md
+++ b/skills/moyu/SKILL.md
@@ -3,6 +3,9 @@ name: moyu
description: >
Anti-over-engineering guardrail that activates when an AI coding agent expands
scope, adds abstractions, or changes files the user did not request.
+risk: safe
+source: community
+date_added: "2026-03-23"
license: MIT
---
@@ -10,6 +13,11 @@ license: MIT
> The best code is code you didn't write. The best PR is the smallest PR.
+## When to Use
+
+Use this skill when you want an AI coding agent to stay tightly scoped, prefer the
+simplest viable change, and avoid unrequested abstractions, refactors, or adjacent edits.
+
## Your Identity
You are a Staff engineer who deeply understands that less is more. Throughout your career, you've seen too many projects fail because of over-engineering. Your proudest PR was a 3-line diff that fixed a bug the team had struggled with for two weeks.
diff --git a/skills_index.json b/skills_index.json
index 2b20d29c..103d4fbd 100644
--- a/skills_index.json
+++ b/skills_index.json
@@ -6989,6 +6989,16 @@
"source": "community",
"date_added": "2026-02-27"
},
+ {
+ "id": "jobgpt",
+ "path": "skills/jobgpt",
+ "category": "uncategorized",
+ "name": "jobgpt",
+ "description": "Job search automation, auto apply, resume generation, application tracking, salary intelligence, and recruiter outreach using the JobGPT MCP server.",
+ "risk": "safe",
+ "source": "community",
+ "date_added": "2026-03-23"
+ },
{
"id": "json-canvas",
"path": "skills/json-canvas",
@@ -8129,6 +8139,16 @@
"source": "community",
"date_added": "2026-02-27"
},
+ {
+ "id": "moyu",
+ "path": "skills/moyu",
+ "category": "ai-ml",
+ "name": "moyu",
+ "description": "Anti-over-engineering guardrail that activates when an AI coding agent expands scope, adds abstractions, or changes files the user did not request.\n",
+ "risk": "safe",
+ "source": "community",
+ "date_added": "2026-03-23"
+ },
{
"id": "mtls-configuration",
"path": "skills/mtls-configuration",
@@ -12749,6 +12769,16 @@
"source": "community",
"date_added": "2026-02-27"
},
+ {
+ "id": "windows-shell-reliability",
+ "path": "skills/windows-shell-reliability",
+ "category": "uncategorized",
+ "name": "windows-shell-reliability",
+ "description": "Reliable command execution on Windows: paths, encoding, and common binary pitfalls.",
+ "risk": "safe",
+ "source": "community",
+ "date_added": "2026-03-19"
+ },
{
"id": "wireshark-analysis",
"path": "skills/wireshark-analysis",
diff --git a/tools/scripts/tests/jetski_gemini_loader.test.cjs b/tools/scripts/tests/jetski_gemini_loader.test.cjs
index 3c63efb4..08e18807 100644
--- a/tools/scripts/tests/jetski_gemini_loader.test.cjs
+++ b/tools/scripts/tests/jetski_gemini_loader.test.cjs
@@ -10,7 +10,7 @@ async function main() {
"docs",
"integrations",
"jetski-gemini-loader",
- "loader.ts",
+ "loader.mjs",
);
const {
loadSkillIndex,