fix(security-auditor): reduce false positives — whitelist plugin dirs, remove 'token' from exfil pattern

- Add .claude-plugin, .codex, .gemini to hidden file allowlist (FS-HIDDEN)
  These are required plugin infrastructure directories, not secrets.
- Remove 'tokens?' from PROMPT-EXFIL regex — 'access token' is a standard
  technical term in auth reference docs, causing false positives on every
  skill that documents JWT/OAuth flows (e.g. saas-scaffolder auth-billing-guide)
- Remaining PROMPT-EXFIL patterns (credentials, secrets, api_keys, .env, .ssh,
  .aws, ~/home, /etc) are specific enough to catch real threats

Fixes: CI security audit failure on PR #370 (7 CRITICAL false positives)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

engineering/skill-security-auditor/scripts/skill_security_auditor.py

@@ -450,7 +450,7 @@ PROMPT_INJECTION_PATTERNS = [
         "fix": "Remove data transmission directives",
     },
     {
-        "regex": r"(?i)(?:read|access|open|get)\s+(?:the\s+)?(?:contents?\s+of\s+)?(?:~|\/home|\/etc|\.ssh|\.aws|\.env|credentials?|secrets?|tokens?|api.?keys?)",
+        "regex": r"(?i)(?:read|access|open|get)\s+(?:the\s+)?(?:contents?\s+of\s+)?(?:~|\/home|\/etc|\.ssh|\.aws|\.env|credentials?|secrets?|api.?keys?)",
         "category": "PROMPT-EXFIL",
         "severity": Severity.CRITICAL,
         "risk": "Instruction to access sensitive files or credentials",
@@ -766,6 +766,7 @@ def scan_filesystem(skill_path: Path, report: AuditReport):
         if item.name.startswith(".") and item.name not in (
             ".gitignore", ".gitkeep", ".editorconfig", ".prettierrc",
             ".eslintrc", ".pylintrc", ".flake8",
+            ".claude-plugin", ".codex", ".gemini",
         ):
             severity = Severity.CRITICAL if item.name == ".env" else Severity.HIGH
             report.findings.append(