- Add security_scan.py script with gitleaks integration
- Detect hardcoded secrets, personal info, and unsafe code patterns
- Add content-based hash validation in package_skill.py
- BLOCK packaging if security scan not run or content changed
- Add reference file naming guidelines in SKILL.md
- Create .gitignore for security marker files
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
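
Added example, not code from this repository: one way the content-based hash gate described in the commit above can work, so that packaging is blocked when no scan was recorded or when files changed after the scan. The marker file name `.security-scan-passed`, its JSON layout and the function names are assumptions; the real security_scan.py and package_skill.py may differ.

```python
import hashlib
import json
import tempfile
from pathlib import Path

MARKER = ".security-scan-passed"  # hypothetical marker file name (assumption)

def content_hash(skill_dir: Path) -> str:
    """SHA-256 over the relative path and bytes of every file except the marker."""
    digest = hashlib.sha256()
    for path in sorted(p for p in skill_dir.rglob("*") if p.is_file()):
        rel = path.relative_to(skill_dir).as_posix()
        if rel == MARKER:
            continue
        # Length-prefix each field so bytes cannot move between name and content.
        for field in (rel.encode(), path.read_bytes()):
            digest.update(len(field).to_bytes(8, "big"))
            digest.update(field)
    return digest.hexdigest()

def record_scan(skill_dir: Path) -> None:
    """Written by the scanner after a clean run (the scan itself is out of scope)."""
    marker = {"content_hash": content_hash(skill_dir)}
    (skill_dir / MARKER).write_text(json.dumps(marker))

def check_before_packaging(skill_dir: Path) -> tuple[bool, str]:
    """Return (allowed, reason); the packager proceeds only when allowed is True."""
    marker = skill_dir / MARKER
    if not marker.is_file():
        return False, "security scan not run"
    try:
        recorded = json.loads(marker.read_text())["content_hash"]
    except (ValueError, KeyError, TypeError):
        return False, "marker unreadable"
    if recorded != content_hash(skill_dir):
        return False, "content changed since scan"
    return True, "ok"

def demo() -> list[str]:
    """Constructed skill directory walked through the three gate states."""
    with tempfile.TemporaryDirectory() as tmp:
        skill = Path(tmp)
        (skill / "SKILL.md").write_text("# demo skill\n")
        reasons = [check_before_packaging(skill)[1]]
        record_scan(skill)
        reasons.append(check_before_packaging(skill)[1])
        (skill / "SKILL.md").write_text("# demo skill\nextra line\n")
        reasons.append(check_before_packaging(skill)[1])
        return reasons
```

Because the marker only proves that this exact content was scanned, it is a local artifact and belongs in .gitignore, as the commit does.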
Critical guideline added:
- Skills should NOT have version sections in SKILL.md
- Version numbers belong in marketplace.json only (plugins[].version)
- SKILL.md should be timeless content focused on functionality
- Marketplace infrastructure manages versioning, not individual skills
Rationale:
- Discovered during ppt-creator development where version history was incorrectly added
- Verified against Anthropic's official skills repository (no version sections found)
- Aligns with marketplace architecture where versions are tracked centrally
Location: Added to "Versioning" subsection under "Privacy and Path References"
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Step 2: Add "Match specificity to task risk" framework (high/medium/low freedom)
- Step 6: Add refinement filter to avoid duplicate/speculative improvements
These 5 lines help Claude choose between agentic (text instructions) vs scripted (exact code) approaches based on task characteristics.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>