Refresh maintainer-owned artifacts after the PR merge batch, convert the\nJetski loader example to a directly importable Node ESM module, and add\nthe 8.7.0 changelog entry before release preparation.\n\nRefs #382\nRefs #388
Integrate the JobGPT skill directly on main because the fork does not\nallow maintainer edits and the reviewed content still needed workflow and\nauth guidance fixes before release prep.\n\nRefs #388\nCo-authored-by: Yashveer Rana <captainjackrana@gmail.com>
* Add windows-shell-reliability skill
* Fix validation errors in windows-shell-reliability skill
* fix(windows-shell-reliability): Correct shell guidance
Scope the UTF-8 workaround to older Windows PowerShell behavior,\ninclude stderr in the logging recipe, and replace the foreground\nredirection example with a true detached Start-Process pattern.
---------
Co-authored-by: sickn33 <sickn33@users.noreply.github.com>
* Add skill: moyu anti-overengineering
* fix(moyu): Align metadata for validation
Match the frontmatter name to the skill directory and shorten the\ndescription so the maintainer validation checks can pass on the PR\nbranch without changing the skill body itself.
---------
Co-authored-by: sickn33 <sickn33@users.noreply.github.com>
This SKILL.md was a point-in-time copy that cannot auto-update
from the canonical source at github.com/covalenthq/goldrush-agent-skills.
Removing to avoid stale/misleading content. The canonical skills
are maintained at: https://github.com/covalenthq/goldrush-agent-skills
Co-authored-by: Jayen Harrill <jayenharrill@Mac.lan>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Add gdb-cli skill for AI-assisted GDB debugging
A GDB debugging skill designed for AI agents that combines source
code analysis with runtime state inspection. Supports core dump
analysis, live process debugging, crash investigation, and deadlock
analysis.
Features:
- Core dump analysis with millisecond-level response
- Live process attach debugging
- Source code correlation with runtime state
- Multi-threaded debugging support
- Common debugging patterns (null pointer, deadlock, memory corruption)
Repository: https://github.com/Cerdore/gdb-cli
* fix(skill): Reclassify gdb-cli risk label
---------
Co-authored-by: sickn33 <sickn33@users.noreply.github.com>
* feat: add bdistill behavioral-xray and knowledge-extraction skills
Two MCP-powered skills for AI model analysis:
- behavioral-xray: Self-probe across 6 dimensions with HTML reports
- knowledge-extraction: Domain knowledge extraction via Ollama for LoRA training
Repository: https://github.com/FrancyJGLisboa/bdistill
Install: pip install bdistill
* fix: remove curl|sh install command, update skills for current capabilities
- Removed pipe-to-shell Ollama install (flagged by docs security policy)
- Replaced with link to https://ollama.com
- Updated knowledge-extraction to reflect in-session mode, adversarial
validation, tabular ML data, and compounding knowledge base
- Updated behavioral-xray with red-team and compliance use cases
- Removed ChatML/fine-tuning language — output is reference data
Guard metadata repair and doc sync scripts against symlink targets so
repo maintenance tasks cannot overwrite arbitrary local files.
Replace recursive skill discovery with an iterative walk that skips
symlinked directories, and harden the VideoDB listener to write only
private regular files in the user-owned state directory.
Also fix the broken pr:preflight script entry and make the last30days
skill stop embedding raw user arguments directly in the shell command.
Import and normalize new skills from anthropics/skills, marketingskills, claude-seo, and obsidian-skills.
Align imported skills to repository validation rules, document provenance, and sync generated registry artifacts after the import.
Add a conservative metadata fixer for missing risk and source fields,
cover it with tests, and backfill the remaining skills using explicit
source inference only when the provenance is clear. Fall back to the
repo-documented defaults when the file does not support a stronger claim.
Refs #365
Harden batch activation, dev refresh gating, Microsoft sync path
handling, and Jetski skill loading against command injection,
symlink traversal, and client-side star tampering.
Add regression coverage for the security-sensitive paths and
update the internal triage addendum for the Jetski loader fix.
Rename the dotnet backend example assets out of the C# source path so CodeQL no longer performs low-quality C# extraction on standalone template files with no project build context. Update the implementation playbook links to the new template filenames.
Keep the Radix component boilerplate as a template asset, but rename it out of the TSX parser path so CodeQL does not treat placeholder syntax as executable source. Update the example README link to the new template filename.
Tighten the remaining high-signal security findings by switching the todo example to a standard Express rate limiter, removing sensitive metadata from boilerplate logging, and replacing fragile HTML tag filtering with parser-based conversion.
Co-Authored-By: Claude <noreply@anthropic.com>
Harden template and example code paths, redact sensitive output, and pin safe transitive npm packages. Consolidate the todo backend on better-sqlite3 so the example no longer pulls the vulnerable sqlite3 chain and still passes build and CRUD smoke checks.
Co-Authored-By: Claude <noreply@anthropic.com>
* feat: add trpc-fullstack skill for end-to-end type-safe API development
* fix: separate App Router and server-side context factories per review feedback
- Replace createContext({ req } as any) in App Router handler with
createTRPCContext(opts: FetchCreateContextFnOptions) — the correct fetch adapter shape
- Add createServerContext() for Server Component callers so auth() is called
directly without an empty or synthetic request object cast
- Update SSR example to use createServerContext() instead of createContext({} as any)
- Add two new pitfall entries covering both auth failure scenarios
Replace malformed frontmatter lines that start with an extra YAML document separator with proper metadata fields. This keeps the skill metadata parseable by strict loaders that only accept a single YAML document in SKILL.md frontmatter.
Co-authored-by: Claude <noreply@anthropic.com>
Design spec with 98 rules across three certification levels for building
CLI tools that AI agents can safely invoke, parse, and handle errors from.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: sck_0 <samujackson1337@gmail.com>
* I've created a new skill called k6-load-testing
* add k6-load-testing skill for API and performance testing
* add k6-load-testing skill for API and performance testing
* fixed errors related to the skill
* minor fix
* feat: addantigravity-skill-orchestrator for Auto-selecting best suited skills for the task, a skill-orchestrator
* feat: update antigravity-skill-orchestrator metadata and documentation
* fix: normalize orchestrator references and sync registry
---------
Co-authored-by: wahid <wahid.shaikh@crimsoni.com>
Co-authored-by: sck_0 <samujackson1337@gmail.com>
