@raishin/vanguard-frontier-agentic 2.0.1 → 2.1.0

package/catalog/agents.json

@@ -1,4 +1,44 @@
 [
+  {
+    "id": "ai-advertising-targeting-fairness-review-agent",
+    "name": "AI Advertising Targeting Fairness Review Agent",
+    "type": "agent",
+    "provider": "marketing",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Review ad-platform audience targeting configurations and declared AI feature usage for protected-class discrimination risk under Fair Housing Act, ECOA, and EU AI Act Article 5 \u2014 proxy segments, algorithmic disparate impact, and missing Special Ad Category declarations.",
+    "companion_skills": [
+      "ai-advertising-targeting-fairness-review"
+    ],
+    "source_type": "original",
+    "official_docs": [
+      "https://www.ftc.gov/business-guidance/blog/2023/02/ftcs-ai-related-enforcement-actions",
+      "https://www.hud.gov/program_offices/fair_housing_equal_opp/fair_housing_act_overview",
+      "https://www.consumerfinance.gov/about-us/blog/cfpb-issues-guidance-on-credit-denials-by-lenders-using-artificial-intelligence/",
+      "https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai",
+      "https://www.federalregister.gov/documents/2023/07/13/2023-14625/civil-rights-principles-for-the-use-of-artificial-intelligence"
+    ],
+    "security_notes": "Read-only advisory. Works from sanitized audience spec exports and declared AI feature annotations only; never requests live campaign credentials, ad-account access tokens, or real audience membership data. Legal determination of FHA, ECOA, or EU AI Act violations is routed to qualified counsel and compliance teams.",
+    "last_verified": "2026-05-17",
+    "path": "agents/marketing/ai-advertising-targeting-fairness-review-agent/",
+    "harness_variants": {
+      "codex": "agents/marketing/ai-advertising-targeting-fairness-review-agent/harnesses/codex.toml",
+      "copilot": "agents/marketing/ai-advertising-targeting-fairness-review-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/marketing/ai-advertising-targeting-fairness-review-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/marketing/ai-advertising-targeting-fairness-review-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/marketing/ai-advertising-targeting-fairness-review-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/marketing/ai-advertising-targeting-fairness-review-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/marketing/ai-advertising-targeting-fairness-review-agent/harnesses/kiro-cli.agent.json"
+    },
+    "author": "github: Raishin",
+    "version": "0.1.0"
+  },
   {
     "id": "alibaba-ack-container-platform-operator-agent",
     "name": "Alibaba Cloud ACK Container Platform Operator",
@@ -1141,6 +1181,46 @@
     "author": "github: Raishin",
     "version": "0.1.0"
   },
+  {
+    "id": "analytics-data-minimization-review-agent",
+    "name": "Analytics Data-Minimization Review Agent",
+    "type": "agent",
+    "provider": "marketing",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Review analytics platform configuration \u2014 GA4 property settings, BigQuery export schema, custom event-parameter definitions, and user-property declarations \u2014 for data-minimization violations, excessive collection, and storage-period over-retention under GDPR Article 5(1)(c) and 5(1)(e) and EU DPA enforcement on GA4.",
+    "companion_skills": [
+      "analytics-data-minimization-review"
+    ],
+    "source_type": "original",
+    "official_docs": [
+      "https://gdpr-info.eu/art-5-gdpr/",
+      "https://www.cnil.fr/en/use-google-analytics-and-data-transfers-united-states-cnil-orders-website-manageroperator-comply/",
+      "https://www.cnil.fr/en/google-analytics-and-data-transfers-how-make-your-analytics-tool-compliant-gdpr",
+      "https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/9782874",
+      "https://support.google.com/analytics/answer/9019185"
+    ],
+    "security_notes": "Read-only advisory. Works from sanitized analytics configuration exports and schema definitions only; never requests live analytics data, raw event exports containing real user identifiers, GA4 admin credentials, or BigQuery service-account keys. Findings may indicate cross-border transfer violations requiring DPA notification \u2014 the agent surfaces that possibility and routes legal assessment to qualified privacy counsel rather than deciding it.",
+    "last_verified": "2026-05-17",
+    "path": "agents/marketing/analytics-data-minimization-review-agent/",
+    "harness_variants": {
+      "codex": "agents/marketing/analytics-data-minimization-review-agent/harnesses/codex.toml",
+      "copilot": "agents/marketing/analytics-data-minimization-review-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/marketing/analytics-data-minimization-review-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/marketing/analytics-data-minimization-review-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/marketing/analytics-data-minimization-review-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/marketing/analytics-data-minimization-review-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/marketing/analytics-data-minimization-review-agent/harnesses/kiro-cli.agent.json"
+    },
+    "author": "github: Raishin",
+    "version": "0.1.0"
+  },
   {
     "id": "argo-rollouts-progressive-delivery-review-agent",
     "name": "Argo Rollouts Progressive Delivery Review",
@@ -3694,6 +3774,34 @@
     "path": "agents/cert-manager/cert-manager-issuer-trust-review-agent",
     "version": "0.1.0"
   },
+  {
+    "id": "ci-test-pipeline-review-agent",
+    "name": "CI Test Pipeline Review Agent",
+    "type": "agent",
+    "provider": "generic",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Review how a CI pipeline runs tests \u2014 gating, sharding, parallelism, fail-fast, artifact retention, quarantine wiring, and secret exposure \u2014 to verify the suite actually blocks bad merges.",
+    "source_type": "original",
+    "official_docs": [
+      "https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs",
+      "https://docs.github.com/en/repositories/configuring-branches-and-merges/about-protected-branches",
+      "https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions",
+      "https://docs.gitlab.com/ee/ci/yaml/",
+      "https://playwright.dev/docs/test-sharding"
+    ],
+    "security_notes": "Static review only \u2014 reads CI workflow and branch-protection configuration, never triggers or runs pipelines. Flags secret exposure to test jobs on pull_request_target or fork PRs. Never requests CI secrets, deploy keys, or registry tokens.",
+    "last_verified": "2026-05-17",
+    "path": "agents/qa/ci-test-pipeline-review-agent",
+    "author": "github: Raishin",
+    "version": "0.1.0"
+  },
   {
     "id": "cilium-network-policy-review-agent",
     "name": "Cilium Network Policy Review",
@@ -3945,6 +4053,86 @@
       "kiro-cli": "agents/contabo/contabo-security-hardening-agent/harnesses/kiro-cli.agent.json"
     }
   },
+  {
+    "id": "email-sender-authentication-review-agent",
+    "name": "Email Sender Authentication Review Agent",
+    "type": "agent",
+    "provider": "marketing",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Review DNS sender-authentication records (SPF, DKIM, DMARC, BIMI) for a marketing domain to identify policy gaps exposing campaigns to rejection, spoofing, or inbox displacement.",
+    "companion_skills": [
+      "email-sender-authentication-review"
+    ],
+    "source_type": "original",
+    "official_docs": [
+      "https://datatracker.ietf.org/doc/html/rfc7489",
+      "https://support.google.com/mail/answer/81126",
+      "https://www.pcisecuritystandards.org/document_library/",
+      "https://www.cisa.gov/sites/default/files/publications/bod-18-01.pdf",
+      "https://datatracker.ietf.org/doc/html/rfc7208"
+    ],
+    "security_notes": "Read-only advisory. Works from sanitized DNS TXT record exports only; never requests ESP account credentials, DMARC aggregate report XML, or sending-platform API keys. DNS records are public data; this agent does not perform live DNS lookups against production infrastructure.",
+    "last_verified": "2026-05-17",
+    "path": "agents/marketing/email-sender-authentication-review-agent/",
+    "harness_variants": {
+      "codex": "agents/marketing/email-sender-authentication-review-agent/harnesses/codex.toml",
+      "copilot": "agents/marketing/email-sender-authentication-review-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/marketing/email-sender-authentication-review-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/marketing/email-sender-authentication-review-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/marketing/email-sender-authentication-review-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/marketing/email-sender-authentication-review-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/marketing/email-sender-authentication-review-agent/harnesses/kiro-cli.agent.json"
+    },
+    "author": "github: Raishin",
+    "version": "0.1.0"
+  },
+  {
+    "id": "eu-ai-act-marketing-system-review-agent",
+    "name": "EU AI Act Marketing System Review Agent",
+    "type": "agent",
+    "provider": "marketing",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Review a marketing AI system description card against EU AI Act Regulation 2024/1689 risk-tier criteria \u2014 classify the system, flag documentation obligations (Articles 11, 13, 14, 43), and identify deployment-readiness gaps before the August 2, 2026 full-enforcement date.",
+    "companion_skills": [
+      "eu-ai-act-marketing-system-review"
+    ],
+    "source_type": "original",
+    "official_docs": [
+      "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R1689",
+      "https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai",
+      "https://www.europarl.europa.eu/topics/en/article/20230601STO93804/eu-ai-act-first-regulation-on-artificial-intelligence",
+      "https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-022023-technical-scope-art-22-gdpr_en",
+      "https://artificialintelligenceact.eu/the-act/"
+    ],
+    "security_notes": "Read-only advisory. Works from sanitized AI system description cards only; never requests model weights, training datasets, internal performance logs, or vendor system-access credentials. Article 5 prohibited-practice determination is routed to qualified legal counsel rather than decided by the agent.",
+    "last_verified": "2026-05-17",
+    "path": "agents/marketing/eu-ai-act-marketing-system-review-agent/",
+    "harness_variants": {
+      "codex": "agents/marketing/eu-ai-act-marketing-system-review-agent/harnesses/codex.toml",
+      "copilot": "agents/marketing/eu-ai-act-marketing-system-review-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/marketing/eu-ai-act-marketing-system-review-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/marketing/eu-ai-act-marketing-system-review-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/marketing/eu-ai-act-marketing-system-review-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/marketing/eu-ai-act-marketing-system-review-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/marketing/eu-ai-act-marketing-system-review-agent/harnesses/kiro-cli.agent.json"
+    },
+    "author": "github: Raishin",
+    "version": "0.1.0"
+  },
   {
     "id": "external-secrets-operator-review-agent",
     "name": "External Secrets Operator Review Agent",
@@ -5568,6 +5756,35 @@
     "author": "github: Raishin",
     "version": "0.1.0"
   },
+  {
+    "id": "helm-chart-quality-review-agent",
+    "name": "Helm Chart Quality Review Agent",
+    "type": "agent",
+    "provider": "generic",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Review a Helm chart for quality, security, and testability defects \u2014 linting gaps, insecure securityContext, missing resource limits, absent health probes, RBAC over-permission, hardcoded secrets, and missing helm test coverage \u2014 statically, without installing or contacting a cluster.",
+    "source_type": "original",
+    "official_docs": [
+      "https://helm.sh/docs/chart_best_practices/",
+      "https://helm.sh/docs/helm/helm_lint/",
+      "https://helm.sh/docs/helm/helm_template/",
+      "https://helm.sh/docs/topics/chart_tests/",
+      "https://github.com/helm/chart-testing",
+      "https://kubernetes.io/docs/concepts/security/pod-security-standards/",
+      "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
+    ],
+    "security_notes": "Static review only \u2014 reads chart source files (Chart.yaml, values.yaml, templates/, tests/), never installs a chart, never connects to a Kubernetes cluster, never requests kubeconfig, cluster credentials, or cloud provider credentials. Do not accept values files containing live credentials, connection strings, or tenant IDs; ask for sanitized versions with placeholder values.",
+    "last_verified": "2026-05-17",
+    "path": "agents/qa/helm-chart-quality-review-agent",
+    "version": "0.1.0"
+  },
   {
     "id": "hetzner-capacity-planner-agent",
     "name": "Hetzner Cloud Capacity Planner",
@@ -6926,6 +7143,46 @@
     "author": "github: Raishin",
     "version": "0.1.0"
   },
+  {
+    "id": "influencer-disclosure-compliance-review-agent",
+    "name": "Influencer Disclosure Compliance Review Agent",
+    "type": "agent",
+    "provider": "marketing",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Review influencer campaign audit packs \u2014 brief, contract, post descriptions, and disclosure placement specs \u2014 for FTC Endorsement Guide violations: undisclosed material connections, inadequate disclosure placement, and brand liability exposure.",
+    "companion_skills": [
+      "influencer-disclosure-compliance-review"
+    ],
+    "source_type": "original",
+    "official_docs": [
+      "https://www.ftc.gov/legal-library/browse/rules/endorsement-guides",
+      "https://www.ecfr.gov/current/title-16/chapter-I/subchapter-B/part-255",
+      "https://www.ftc.gov/system/files/ftc_gov/pdf/ftc-endorsement-guides-final-rule.pdf",
+      "https://www.ftc.gov/legal-library/browse/statutes/federal-trade-commission-act",
+      "https://www.ftc.gov/business-guidance/resources/ftcs-endorsement-guides-what-people-are-asking"
+    ],
+    "security_notes": "Read-only advisory. Works from a structured influencer campaign audit pack only \u2014 brief, contract excerpt, post descriptions, and disclosure spec. Never requests raw personal data about creators, unpublished financial negotiations, or live platform credentials. Does not generate campaign content or creator instructions. A finding of systematic non-disclosure may warrant legal escalation before campaign continuation.",
+    "last_verified": "2026-05-17",
+    "path": "agents/marketing/influencer-disclosure-compliance-review-agent/",
+    "harness_variants": {
+      "codex": "agents/marketing/influencer-disclosure-compliance-review-agent/harnesses/codex.toml",
+      "copilot": "agents/marketing/influencer-disclosure-compliance-review-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/marketing/influencer-disclosure-compliance-review-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/marketing/influencer-disclosure-compliance-review-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/marketing/influencer-disclosure-compliance-review-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/marketing/influencer-disclosure-compliance-review-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/marketing/influencer-disclosure-compliance-review-agent/harnesses/kiro-cli.agent.json"
+    },
+    "author": "github: Raishin",
+    "version": "0.1.0"
+  },
   {
     "id": "ionos-cost-optimization-analyst-agent",
     "name": "IONOS Cost Optimization Analyst",
@@ -7363,6 +7620,35 @@
     "source_type": "original",
     "version": "0.1.0"
   },
+  {
+    "id": "kubernetes-manifest-quality-review-agent",
+    "name": "Kubernetes Manifest Quality Review Agent",
+    "type": "agent",
+    "provider": "generic",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Review raw Kubernetes YAML manifests for security, quality, and policy defects \u2014 deprecated APIs, missing securityContext, absent resource limits, missing health probes, RBAC over-permission, plaintext secrets, and network exposure \u2014 statically, without applying manifests or contacting a cluster.",
+    "source_type": "original",
+    "official_docs": [
+      "https://kubernetes.io/docs/concepts/security/pod-security-standards/",
+      "https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/",
+      "https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/",
+      "https://kubernetes.io/docs/reference/access-authn-authz/rbac/",
+      "https://kubernetes.io/docs/concepts/services-networking/network-policies/",
+      "https://github.com/yannh/kubeconform",
+      "https://github.com/zegl/kube-score"
+    ],
+    "security_notes": "Static review only \u2014 reads manifest YAML files, never applies manifests to a cluster, never connects to the Kubernetes API, and never requests kubeconfig, service account tokens, or cloud credentials. Do not accept manifests containing real secret values or connection strings decoded from base64; ask for sanitized versions with placeholder values.",
+    "last_verified": "2026-05-17",
+    "path": "agents/qa/kubernetes-manifest-quality-review-agent",
+    "version": "0.1.0"
+  },
   {
     "id": "kubernetes-network-architecture-review-agent",
     "name": "Kubernetes Network Architecture Review",
@@ -7533,10 +7819,10 @@
     "version": "0.1.0"
   },
   {
-    "id": "nvidia-agentic-ai-platform-review-agent",
-    "name": "NVIDIA Agentic AI Platform Review",
+    "id": "llm-ai-pipeline-test-review-agent",
+    "name": "LLM AI Pipeline Test Review Agent",
     "type": "agent",
-    "provider": "nvidia",
+    "provider": "generic",
     "harnesses": [
       "codex",
       "copilot",
@@ -7545,31 +7831,27 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review agentic-AI platforms built on the NVIDIA stack per NCP-AAI \u2014 NeMo Agent Toolkit, NIM-as-tool, retrieval pipelines, tool-use safety, agent memory boundaries, and audit logging.",
+    "summary": "Review an LLM or AI pipeline's evaluation setup for test-quality defects \u2014 missing hallucination, relevancy, faithfulness, bias, toxicity, and tool-correctness metrics; absent golden datasets; unthresholded or single-shot evals; and no regression gate across model versions. Static review only.",
     "source_type": "original",
     "official_docs": [
-      "https://www.nvidia.com/en-us/learn/certification/",
-      "https://docs.nvidia.com/ai-enterprise/",
-      "https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/latest/",
-      "https://docs.nvidia.com/nim/",
-      "https://docs.nvidia.com/dcgm/",
-      "https://docs.nvidia.com/networking/",
-      "https://docs.nvidia.com/nemo-framework/"
-    ],
-    "security_notes": "Agent tools loaded from unsigned mutable sources are prompt injection at platform scale. Shared agent memory across tenants is cross-tenant data bleed. Unbounded tool loops are a cost and reliability incident waiting to happen.",
-    "last_verified": "2026-05-10",
-    "path": "agents/nvidia/nvidia-agentic-ai-platform-review-agent",
-    "companion_skills": [
-      "nvidia-agentic-ai-platform-review"
+      "https://docs.confident-ai.com/",
+      "https://docs.confident-ai.com/docs/metrics-hallucination",
+      "https://docs.confident-ai.com/docs/metrics-answer-relevancy",
+      "https://docs.confident-ai.com/docs/metrics-faithfulness",
+      "https://docs.confident-ai.com/docs/metrics-bias",
+      "https://docs.confident-ai.com/docs/metrics-tool-correctness",
+      "https://www.istqb.org/certifications/certified-tester-foundation-level"
     ],
-    "author": "github: Raishin",
+    "security_notes": "Static review only \u2014 reads eval configuration and test source; never calls LLM APIs, never runs evaluations, never requests model API keys or inference endpoints. Do not accept eval fixtures containing real user PII, private prompt chains, or model weights; ask for sanitized configurations.",
+    "last_verified": "2026-05-17",
+    "path": "agents/qa/llm-ai-pipeline-test-review-agent",
     "version": "0.1.0"
   },
   {
-    "id": "nvidia-ai-infrastructure-operations-agent",
-    "name": "NVIDIA AI Infrastructure Operations",
+    "id": "lookalike-audience-upload-compliance-review-agent",
+    "name": "Lookalike Audience Upload Compliance Review Agent",
     "type": "agent",
-    "provider": "nvidia",
+    "provider": "marketing",
     "harnesses": [
       "codex",
       "copilot",
@@ -7578,31 +7860,38 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review NVIDIA GPU infrastructure (DGX/HGX/MGX) against NVIDIA reference architectures, the AI Enterprise support matrix, and the NCA-AIIO and NCP-AII certification bodies of knowledge \u2014 driver/firmware/CUDA alignment, BMC segmentation, ECC, persistence, and MIG posture.",
+    "summary": "Review custom-audience and lookalike-audience upload specifications for hashing adequacy, PII field scope, consent-basis validity, and platform data-sharing restrictions before upload to Meta, Google, LinkedIn, or TikTok \u2014 catching underhashed identifiers, consent-scope mismatches, and re-identification surfaces.",
+    "companion_skills": [
+      "lookalike-audience-upload-compliance-review"
+    ],
     "source_type": "original",
     "official_docs": [
-      "https://www.nvidia.com/en-us/learn/certification/",
-      "https://docs.nvidia.com/ai-enterprise/",
-      "https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/latest/",
-      "https://docs.nvidia.com/nim/",
-      "https://docs.nvidia.com/dcgm/",
-      "https://docs.nvidia.com/networking/",
-      "https://docs.nvidia.com/nemo-framework/"
-    ],
-    "security_notes": "BMC reachable from tenant networks is total compromise of GPU hosts. Drivers outside the AI Enterprise support matrix produce silent ABI breakage. ECC disabled silently corrupts weights and gradients on training workloads.",
-    "last_verified": "2026-05-10",
-    "path": "agents/nvidia/nvidia-ai-infrastructure-operations-agent",
-    "companion_skills": [
-      "nvidia-ai-infrastructure-operations"
+      "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679",
+      "https://oag.ca.gov/privacy/ccpa",
+      "https://www.ftc.gov/reports/data-brokers-call-transparency-accountability",
+      "https://developers.facebook.com/docs/marketing-api/audiences/guides/custom-audiences/",
+      "https://support.google.com/google-ads/answer/6334160"
     ],
+    "security_notes": "Read-only advisory. Works from sanitized field-mapping specifications, declared hashing methods, and consent-basis documentation only; never requests actual audience files, real customer records, or platform API credentials. Legal determination of breach, unauthorized sharing, or unlawful transfer is routed to qualified counsel and the privacy compliance team.",
+    "last_verified": "2026-05-17",
+    "path": "agents/marketing/lookalike-audience-upload-compliance-review-agent/",
+    "harness_variants": {
+      "codex": "agents/marketing/lookalike-audience-upload-compliance-review-agent/harnesses/codex.toml",
+      "copilot": "agents/marketing/lookalike-audience-upload-compliance-review-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/marketing/lookalike-audience-upload-compliance-review-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/marketing/lookalike-audience-upload-compliance-review-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/marketing/lookalike-audience-upload-compliance-review-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/marketing/lookalike-audience-upload-compliance-review-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/marketing/lookalike-audience-upload-compliance-review-agent/harnesses/kiro-cli.agent.json"
+    },
     "author": "github: Raishin",
     "version": "0.1.0"
   },
   {
-    "id": "nvidia-ai-networking-fabric-review-agent",
-    "name": "NVIDIA AI Networking Fabric Review",
+    "id": "marketing-consent-data-collection-review-agent",
+    "name": "Marketing Consent and Data-Collection Review Agent",
     "type": "agent",
-    "provider": "nvidia",
+    "provider": "marketing",
     "harnesses": [
       "codex",
       "copilot",
@@ -7611,31 +7900,38 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review NVIDIA AI fabric posture per NCP-AIN \u2014 Spectrum-X / InfiniBand topology, NCCL collective tuning, RoCEv2 lossless config, congestion control, and east-west isolation between training jobs.",
+    "summary": "Review marketing consent posture \u2014 CMP banner config, tag-manager containers, Consent Mode wiring, and cookie policy \u2014 for GDPR/ePrivacy/CCPA correctness, dark patterns, and undisclosed trackers.",
+    "companion_skills": [
+      "marketing-consent-data-collection-review"
+    ],
     "source_type": "original",
     "official_docs": [
-      "https://www.nvidia.com/en-us/learn/certification/",
-      "https://docs.nvidia.com/ai-enterprise/",
-      "https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/latest/",
-      "https://docs.nvidia.com/nim/",
-      "https://docs.nvidia.com/dcgm/",
-      "https://docs.nvidia.com/networking/",
-      "https://docs.nvidia.com/nemo-framework/"
-    ],
-    "security_notes": "RoCEv2 without PFC and ECN is not lossless; goodput collapses under congestion. Shared default PKey on multi-tenant InfiniBand removes east-west isolation. Single-switch subnet manager with no failover is a fabric-wide outage path.",
-    "last_verified": "2026-05-10",
-    "path": "agents/nvidia/nvidia-ai-networking-fabric-review-agent",
-    "companion_skills": [
-      "nvidia-ai-networking-fabric-review"
+      "https://eur-lex.europa.eu/eli/reg/2016/679/oj",
+      "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32002L0058",
+      "https://oag.ca.gov/privacy/ccpa",
+      "https://developers.google.com/tag-platform/security/guides/consent",
+      "https://iabeurope.eu/transparency-consent-framework/"
     ],
+    "security_notes": "Read-only advisory. Works from sanitized CMP and tag-manager configuration only; never requests real visitor data, consent-string archives, or analytics credentials. Surfaces regulatory risk but does not issue binding legal conclusions.",
+    "last_verified": "2026-05-17",
+    "path": "agents/marketing/marketing-consent-data-collection-review-agent/",
+    "harness_variants": {
+      "codex": "agents/marketing/marketing-consent-data-collection-review-agent/harnesses/codex.toml",
+      "copilot": "agents/marketing/marketing-consent-data-collection-review-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/marketing/marketing-consent-data-collection-review-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/marketing/marketing-consent-data-collection-review-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/marketing/marketing-consent-data-collection-review-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/marketing/marketing-consent-data-collection-review-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/marketing/marketing-consent-data-collection-review-agent/harnesses/kiro-cli.agent.json"
+    },
     "author": "github: Raishin",
     "version": "0.1.0"
   },
   {
-    "id": "nvidia-ai-operations-day2-agent",
-    "name": "NVIDIA AI Operations (Day-2)",
+    "id": "marketing-conversion-flow-dark-pattern-review-agent",
+    "name": "Marketing Conversion Flow Dark-Pattern Review Agent",
     "type": "agent",
-    "provider": "nvidia",
+    "provider": "marketing",
     "harnesses": [
       "codex",
       "copilot",
@@ -7644,31 +7940,38 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review day-2 operational posture of NVIDIA GPU fleets per NCP-AIO \u2014 DCGM exporter coverage, MIG lifecycle, Xid signature to runbook mapping, and gated driver/firmware upgrade discipline.",
+    "summary": "Review marketing conversion flow specifications \u2014 subscription sign-up, upsell interstitial, free-trial enrollment, and cancellation path \u2014 for dark-pattern practices that invalidate consent or constitute unfair or deceptive acts under FTC Section 5, the FTC Negative Option Rule, CPRA, and EU AI Act Article 5(1)(b).",
+    "companion_skills": [
+      "marketing-conversion-flow-dark-pattern-review"
+    ],
     "source_type": "original",
     "official_docs": [
-      "https://www.nvidia.com/en-us/learn/certification/",
-      "https://docs.nvidia.com/ai-enterprise/",
-      "https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/latest/",
-      "https://docs.nvidia.com/nim/",
-      "https://docs.nvidia.com/dcgm/",
-      "https://docs.nvidia.com/networking/",
-      "https://docs.nvidia.com/nemo-framework/"
-    ],
-    "security_notes": "Absent DCGM coverage makes a GPU fleet operationally blind. Ungated driver upgrades on production training jobs destroy in-flight work. Unmapped Xid signatures triple incident MTTR.",
-    "last_verified": "2026-05-10",
-    "path": "agents/nvidia/nvidia-ai-operations-day2-agent",
-    "companion_skills": [
-      "nvidia-ai-operations-day2"
+      "https://www.ftc.gov/legal-library/browse/rules/negative-option-rule",
+      "https://www.ftc.gov/system/files/ftc_gov/pdf/P214800+Dark+Patterns+Report+9.14.2022+-+FINAL.pdf",
+      "https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=CIV&sectionNum=1798.140.",
+      "https://oag.ca.gov/privacy/ccpa",
+      "https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng"
     ],
+    "security_notes": "Read-only advisory. Works from sanitized UX flow specifications and annotated wireframes only; never requests real payment credentials, live user-session data, or production A/B-test results containing real user identities. Findings may indicate FTC civil penalty exposure \u2014 the agent surfaces that possibility and routes enforcement-risk assessment to qualified legal counsel rather than quantifying penalties.",
+    "last_verified": "2026-05-17",
+    "path": "agents/marketing/marketing-conversion-flow-dark-pattern-review-agent/",
+    "harness_variants": {
+      "codex": "agents/marketing/marketing-conversion-flow-dark-pattern-review-agent/harnesses/codex.toml",
+      "copilot": "agents/marketing/marketing-conversion-flow-dark-pattern-review-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/marketing/marketing-conversion-flow-dark-pattern-review-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/marketing/marketing-conversion-flow-dark-pattern-review-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/marketing/marketing-conversion-flow-dark-pattern-review-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/marketing/marketing-conversion-flow-dark-pattern-review-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/marketing/marketing-conversion-flow-dark-pattern-review-agent/harnesses/kiro-cli.agent.json"
+    },
     "author": "github: Raishin",
     "version": "0.1.0"
   },
   {
-    "id": "nvidia-cuda-kernel-performance-review-agent",
-    "name": "NVIDIA CUDA Kernel Performance Review",
+    "id": "marketing-email-list-retention-review-agent",
+    "name": "Marketing Email List Retention Review Agent",
     "type": "agent",
-    "provider": "nvidia",
+    "provider": "marketing",
     "harnesses": [
       "codex",
       "copilot",
@@ -7677,38 +7980,38 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Doc-anchored static review of CUDA C/C++ kernel sources against the NVIDIA CUDA C++ Programming Guide, CUDA Best Practices Guide, and Nsight Compute documentation \u2014 memory coalescing, shared-memory bank conflicts, occupancy, register pressure, stream concurrency, kernel launch parameters.",
+    "summary": "Review marketing email list segment metadata, consent-record completeness, suppression-list coverage, and data-retention schedules for GDPR, CASL, and CCPA deletion-right compliance.",
+    "companion_skills": [
+      "marketing-email-list-retention-review"
+    ],
     "source_type": "original",
     "official_docs": [
-      "https://docs.nvidia.com/cuda/cuda-c-programming-guide/",
-      "https://docs.nvidia.com/cuda/cuda-c-best-practices-guide/",
-      "https://docs.nvidia.com/nsight-compute/",
-      "https://docs.nvidia.com/nsight-systems/",
-      "https://docs.nvidia.com/cuda/profiler-users-guide/"
-    ],
-    "security_notes": "Static review only \u2014 the skill never executes nvcc, nsight-compute, or nsight-systems. It outputs the recommended invocation as text for the user to run on their own GPU host. Treat CUDA samples that disable bounds checking, copy host pointers across context boundaries, or use `cudaMallocManaged` without prefetch hints as findings rather than as patterns to imitate.",
-    "last_verified": "2026-05-10",
-    "path": "agents/nvidia/nvidia-cuda-kernel-performance-review-agent/",
-    "companion_skills": [
-      "nvidia-cuda-kernel-performance-review"
+      "https://gdpr-info.eu/art-5-gdpr/",
+      "https://gdpr-info.eu/art-17-gdpr/",
+      "https://laws-lois.justice.gc.ca/eng/acts/C-28.65/page-1.html",
+      "https://oag.ca.gov/privacy/ccpa",
+      "https://www.canada.ca/en/radio-television-telecommunications/news/2014/07/compliance-and-enforcement-information-bulletin-crtc-2014-326.html"
     ],
+    "security_notes": "Read-only advisory. Works from sanitized CRM/ESP exports only \u2014 placeholder values for all subscriber PII; never requests real email addresses, subscriber IDs, CRM credentials, or ESP API keys. Findings of ongoing deletion-SLA breaches or broken CASL consent chains are routed to legal counsel and incident response, not resolved by the agent.",
+    "last_verified": "2026-05-17",
+    "path": "agents/marketing/marketing-email-list-retention-review-agent/",
     "harness_variants": {
-      "codex": "agents/nvidia/nvidia-cuda-kernel-performance-review-agent/harnesses/codex.toml",
-      "copilot": "agents/nvidia/nvidia-cuda-kernel-performance-review-agent/harnesses/copilot.agent.md",
-      "claude-code": "agents/nvidia/nvidia-cuda-kernel-performance-review-agent/harnesses/claude-code.agent.md",
-      "cursor": "agents/nvidia/nvidia-cuda-kernel-performance-review-agent/harnesses/cursor.agent.md",
-      "gemini": "agents/nvidia/nvidia-cuda-kernel-performance-review-agent/harnesses/gemini.agent.md",
-      "kiro-ide": "agents/nvidia/nvidia-cuda-kernel-performance-review-agent/harnesses/kiro-ide.agent.md",
-      "kiro-cli": "agents/nvidia/nvidia-cuda-kernel-performance-review-agent/harnesses/kiro-cli.agent.json"
+      "codex": "agents/marketing/marketing-email-list-retention-review-agent/harnesses/codex.toml",
+      "copilot": "agents/marketing/marketing-email-list-retention-review-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/marketing/marketing-email-list-retention-review-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/marketing/marketing-email-list-retention-review-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/marketing/marketing-email-list-retention-review-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/marketing/marketing-email-list-retention-review-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/marketing/marketing-email-list-retention-review-agent/harnesses/kiro-cli.agent.json"
     },
     "author": "github: Raishin",
     "version": "0.1.0"
   },
   {
-    "id": "nvidia-generative-ai-platform-review-agent",
-    "name": "NVIDIA Generative AI Platform Review",
+    "id": "marketing-gpc-signal-honoring-review-agent",
+    "name": "Marketing GPC Signal Honoring Review Agent",
     "type": "agent",
-    "provider": "nvidia",
+    "provider": "marketing",
     "harnesses": [
       "codex",
       "copilot",
@@ -7717,31 +8020,38 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review NVIDIA generative-AI platforms per NCA-GENL / NCA-GENM / NCP-GENL \u2014 NeMo training and customization, NIM inference microservices, model card and weights provenance, evaluation harness, and guardrails posture.",
+    "summary": "Review the technical signal path by which a Global Privacy Control opt-out travels through the CMP and tag stack to confirm ad tags, server-side conversion APIs, and CAPI forwarding actually cease firing on opt-out.",
+    "companion_skills": [
+      "marketing-gpc-signal-honoring-review"
+    ],
     "source_type": "original",
     "official_docs": [
-      "https://www.nvidia.com/en-us/learn/certification/",
-      "https://docs.nvidia.com/ai-enterprise/",
-      "https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/latest/",
-      "https://docs.nvidia.com/nim/",
-      "https://docs.nvidia.com/dcgm/",
-      "https://docs.nvidia.com/networking/",
-      "https://docs.nvidia.com/nemo-framework/"
-    ],
-    "security_notes": "NIM containers pulled without cosign verification have unverified image trust. Missing model cards block audit reconstruction. NeMo Guardrails bypassable on externally exposed LLM endpoints is critical for regulated workloads.",
-    "last_verified": "2026-05-10",
-    "path": "agents/nvidia/nvidia-generative-ai-platform-review-agent",
-    "companion_skills": [
-      "nvidia-generative-ai-platform-review"
+      "https://cppa.ca.gov/regulations/pdf/cppa_regs.pdf",
+      "https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?sectionNum=1798.135.&lawCode=CIV",
+      "https://globalprivacycontrol.org/",
+      "https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=202520260AB566",
+      "https://oag.ca.gov/privacy/ccpa"
     ],
+    "security_notes": "Read-only advisory. Works from sanitized tag-manager container exports and CMP configuration exports only; never requests live consent logs, visitor opt-out records, or ad-platform credentials. Findings of non-compliance may constitute evidence in a CPPA enforcement proceeding \u2014 legal determinations are routed to qualified privacy counsel, not decided by this agent.",
+    "last_verified": "2026-05-17",
+    "path": "agents/marketing/marketing-gpc-signal-honoring-review-agent/",
+    "harness_variants": {
+      "codex": "agents/marketing/marketing-gpc-signal-honoring-review-agent/harnesses/codex.toml",
+      "copilot": "agents/marketing/marketing-gpc-signal-honoring-review-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/marketing/marketing-gpc-signal-honoring-review-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/marketing/marketing-gpc-signal-honoring-review-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/marketing/marketing-gpc-signal-honoring-review-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/marketing/marketing-gpc-signal-honoring-review-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/marketing/marketing-gpc-signal-honoring-review-agent/harnesses/kiro-cli.agent.json"
+    },
     "author": "github: Raishin",
     "version": "0.1.0"
   },
   {
-    "id": "nvidia-gpu-operator-kubernetes-hardening-agent",
-    "name": "NVIDIA GPU Operator on Kubernetes Hardening",
+    "id": "marketing-maestro-agent",
+    "name": "Marketing Maestro",
     "type": "agent",
-    "provider": "nvidia",
+    "provider": "marketing",
     "harnesses": [
       "codex",
       "copilot",
@@ -7750,31 +8060,38 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review NVIDIA GPU Operator on Kubernetes \u2014 device plugin, MIG manager, node feature discovery, time-sliced GPUs, container toolkit, securityContext posture, and namespace tenancy boundaries.",
+    "summary": "Route marketing-governance review tasks to the narrowest specialist across all 13 domains: consent and data-collection, advertising-pixel data-leakage, martech access-governance, GPC signal-honoring, email sender authentication, programmatic supply-chain integrity, AI ad-targeting fairness, EU AI Act marketing-system classification, lookalike audience upload compliance, email list retention, influencer disclosure, conversion-flow dark patterns, and analytics data minimization. Dispatches single or parallel teams (max 4); requires human gate for any mutation intent.",
     "source_type": "original",
     "official_docs": [
-      "https://www.nvidia.com/en-us/learn/certification/",
-      "https://docs.nvidia.com/ai-enterprise/",
-      "https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/latest/",
-      "https://docs.nvidia.com/nim/",
-      "https://docs.nvidia.com/dcgm/",
-      "https://docs.nvidia.com/networking/",
-      "https://docs.nvidia.com/nemo-framework/"
+      "https://eur-lex.europa.eu/eli/reg/2016/679/oj",
+      "https://oag.ca.gov/privacy/ccpa",
+      "https://developers.google.com/tag-platform/security/guides/consent"
     ],
-    "security_notes": "Tenant workloads with privileged:true escalate across the GPU Operator boundary. Time-sliced GPUs shared across namespaces without admission gating are a side-channel and noisy-neighbor risk. Tag-pulled GPU Operator images allow silent rollback to compromised versions.",
-    "last_verified": "2026-05-10",
-    "path": "agents/nvidia/nvidia-gpu-operator-kubernetes-hardening-agent",
+    "security_notes": "Read-only routing agent. Never accepts, stores, or relays real visitor data, consent-string archives, ad-platform credentials, API keys, OAuth tokens, or tenant data. No external API calls made directly \u2014 all artifact review delegated to dispatched specialists. No auto-mutation: any mutating specialist dispatch requires an explicit human approval gate and a handoff packet.",
+    "last_verified": "2026-05-17",
+    "path": "agents/marketing/marketing-maestro-agent",
+    "author": "github: Raishin",
+    "version": "0.1.0",
     "companion_skills": [
-      "nvidia-gpu-operator-kubernetes-hardening"
+      "marketing-maestro"
     ],
-    "author": "github: Raishin",
-    "version": "0.1.0"
-  },
+    "execution_tier": "read-only-runtime",
+    "lifecycle": "experimental",
+    "harness_variants": {
+      "codex": "agents/marketing/marketing-maestro-agent/harnesses/codex.toml",
+      "claude-code": "agents/marketing/marketing-maestro-agent/harnesses/claude-code.agent.md",
+      "copilot": "agents/marketing/marketing-maestro-agent/harnesses/copilot.agent.md",
+      "cursor": "agents/marketing/marketing-maestro-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/marketing/marketing-maestro-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/marketing/marketing-maestro-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/marketing/marketing-maestro-agent/harnesses/kiro-cli.agent.json"
+    }
+  },
   {
-    "id": "nvidia-maestro-agent",
-    "name": "NVIDIA Maestro",
+    "id": "marketing-pixel-data-leakage-review-agent",
+    "name": "Marketing Pixel Data-Leakage Review Agent",
     "type": "agent",
-    "provider": "nvidia",
+    "provider": "marketing",
     "harnesses": [
       "codex",
       "copilot",
@@ -7783,71 +8100,76 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Per-provider router for the NVIDIA stack. Classifies the user's task across CUDA, TensorRT, Triton, NIM, NeMo, NGC, DCGM, GPU Operator, and AI fabric domains and dispatches to the narrowest specialist or a parallel team (max 4). Enforces a runtime-evidence gate before routing to the live promotion gatekeeper.",
-    "source_type": "adapted",
+    "summary": "Review advertising pixels and conversion event tracking for personal-data leakage to ad networks \u2014 PII in payloads, form-field auto-capture, pixels on sensitive pages, and unhashed identifier transmission.",
+    "companion_skills": [
+      "marketing-pixel-data-leakage-review"
+    ],
+    "source_type": "original",
     "official_docs": [
-      "https://docs.nvidia.com/",
-      "https://www.nvidia.com/en-us/learn/certification/",
-      "https://docs.nvidia.com/ai-enterprise/",
-      "https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/latest/",
-      "https://docs.nvidia.com/nim/"
+      "https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/hipaa-online-tracking/index.html",
+      "https://www.ftc.gov/legal-library/browse/rules/health-breach-notification-rule",
+      "https://developers.facebook.com/docs/meta-pixel/",
+      "https://support.google.com/google-ads/answer/9888656",
+      "https://owasp.org/www-project-top-ten/"
     ],
-    "security_notes": "Runtime-evidence gate is non-negotiable: nvidia-model-promotion-gatekeeper-agent must never be auto-dispatched. Always surface blast-radius assessment and rollback path and require explicit written human confirmation before routing to the gatekeeper.",
-    "last_verified": "2026-05-11",
-    "path": "agents/nvidia/nvidia-maestro-agent",
+    "security_notes": "Read-only advisory. Works from sanitized payloads and container exports only; never requests real visitor data, conversion logs, or ad-platform credentials. A leak found here may be a reportable breach \u2014 the agent surfaces that possibility and routes the determination to counsel and incident response rather than deciding it.",
+    "last_verified": "2026-05-17",
+    "path": "agents/marketing/marketing-pixel-data-leakage-review-agent/",
     "harness_variants": {
-      "codex": "agents/nvidia/nvidia-maestro-agent/harnesses/codex.toml",
-      "copilot": "agents/nvidia/nvidia-maestro-agent/harnesses/copilot.agent.md",
-      "claude-code": "agents/nvidia/nvidia-maestro-agent/harnesses/claude-code.agent.md",
-      "cursor": "agents/nvidia/nvidia-maestro-agent/harnesses/cursor.agent.md",
-      "gemini": "agents/nvidia/nvidia-maestro-agent/harnesses/gemini.agent.md",
-      "kiro-ide": "agents/nvidia/nvidia-maestro-agent/harnesses/kiro-ide.agent.md",
-      "kiro-cli": "agents/nvidia/nvidia-maestro-agent/harnesses/kiro-cli.agent.json"
+      "codex": "agents/marketing/marketing-pixel-data-leakage-review-agent/harnesses/codex.toml",
+      "copilot": "agents/marketing/marketing-pixel-data-leakage-review-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/marketing/marketing-pixel-data-leakage-review-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/marketing/marketing-pixel-data-leakage-review-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/marketing/marketing-pixel-data-leakage-review-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/marketing/marketing-pixel-data-leakage-review-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/marketing/marketing-pixel-data-leakage-review-agent/harnesses/kiro-cli.agent.json"
     },
-    "companion_skills": [
-      "nvidia-maestro"
-    ],
     "author": "github: Raishin",
     "version": "0.1.0"
   },
   {
-    "id": "nvidia-model-promotion-gatekeeper-agent",
-    "name": "NVIDIA Model Promotion Gatekeeper",
+    "id": "martech-access-governance-review-agent",
+    "name": "Martech Access Governance Review Agent",
     "type": "agent",
-    "provider": "nvidia",
+    "provider": "marketing",
     "harnesses": [
+      "codex",
+      "copilot",
       "claude-code",
-      "cursor"
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Review access governance across a marketing technology stack \u2014 OAuth connected apps, API keys, CRM and marketing-automation roles, and integration scopes \u2014 for least-privilege violations, shared and stale credentials, and missing ownership.",
+    "companion_skills": [
+      "martech-access-governance-review"
     ],
-    "summary": "Live-execution gatekeeper that decides promote/block/manual-review for an NVIDIA NIM container moving from staging to production. Runs an allowlisted set of cosign/crane/oras/grype commands and emits a cosign-signable attestation JSON. Two harnesses by deliberate scope choice; broader fan-out requires per-harness allowlist audit.",
     "source_type": "original",
     "official_docs": [
-      "https://docs.nvidia.com/nim/",
-      "https://docs.nvidia.com/ai-enterprise/",
-      "https://docs.sigstore.dev/cosign/verifying/verify/",
-      "https://docs.sigstore.dev/cosign/key_management/",
-      "https://github.com/google/go-containerregistry/tree/main/cmd/crane",
-      "https://oras.land/docs/category/oras-commands",
-      "https://github.com/anchore/grype"
-    ],
-    "security_notes": "Live agent. Allowlist locks every Bash invocation to nvcr.io/* targets and to fixed argv shapes. Egress restricted to nvcr.io and Sigstore endpoints. Default mode is static (no egress); runtime mode is per-session opt-in. Sigstore unreachable degrades to manual-review, never auto-pass. Read-only \u2014 no docker pull, no kubectl, no registry write, no sign action (operator signs the attestation). Credential flag values scrubbed from provenance output.",
-    "last_verified": "2026-05-11",
-    "path": "agents/nvidia/nvidia-model-promotion-gatekeeper-agent/",
-    "companion_skills": [
-      "nvidia-model-promotion-gatekeeper"
+      "https://datatracker.ietf.org/doc/html/rfc6749",
+      "https://oauth.net/2/scope/",
+      "https://csrc.nist.gov/glossary/term/least_privilege",
+      "https://owasp.org/www-project-top-ten/",
+      "https://csrc.nist.gov/pubs/sp/800/207/final"
     ],
+    "security_notes": "Read-only advisory. Works from sanitized access inventories only; never requests, collects, or echoes credential values, API keys, tokens, or secrets. If a real credential is pasted, the agent treats it as compromised and recommends rotation.",
+    "last_verified": "2026-05-17",
+    "path": "agents/marketing/martech-access-governance-review-agent/",
     "harness_variants": {
-      "claude-code": "agents/nvidia/nvidia-model-promotion-gatekeeper-agent/harnesses/claude-code.agent.md",
-      "cursor": "agents/nvidia/nvidia-model-promotion-gatekeeper-agent/harnesses/cursor.agent.md"
+      "codex": "agents/marketing/martech-access-governance-review-agent/harnesses/codex.toml",
+      "copilot": "agents/marketing/martech-access-governance-review-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/marketing/martech-access-governance-review-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/marketing/martech-access-governance-review-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/marketing/martech-access-governance-review-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/marketing/martech-access-governance-review-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/marketing/martech-access-governance-review-agent/harnesses/kiro-cli.agent.json"
     },
-    "lifecycle": "experimental",
-    "execution_tier": "read-only-runtime",
     "author": "github: Raishin",
     "version": "0.1.0"
   },
   {
-    "id": "nvidia-ngc-nim-supply-chain-governor-agent",
-    "name": "NVIDIA NGC and NIM Supply Chain Governor",
+    "id": "nvidia-agentic-ai-platform-review-agent",
+    "name": "NVIDIA Agentic AI Platform Review",
     "type": "agent",
     "provider": "nvidia",
     "harnesses": [
@@ -7858,7 +8180,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review NGC and NIM supply chain posture \u2014 NGC org/team boundaries, API key scope and rotation, NIM container cosign verification, model card and weights provenance, AI Enterprise license posture, and air-gap mirror integrity.",
+    "summary": "Review agentic-AI platforms built on the NVIDIA stack per NCP-AAI \u2014 NeMo Agent Toolkit, NIM-as-tool, retrieval pipelines, tool-use safety, agent memory boundaries, and audit logging.",
     "source_type": "original",
     "official_docs": [
       "https://www.nvidia.com/en-us/learn/certification/",
@@ -7869,18 +8191,18 @@
       "https://docs.nvidia.com/networking/",
       "https://docs.nvidia.com/nemo-framework/"
     ],
-    "security_notes": "NGC keys with org-wide write scope are publish-anywhere primitives if leaked. Air-gap mirrors copying by tag rather than digest drift silently. NIM model artifacts world-readable on shared hosts are a weight exfiltration path.",
+    "security_notes": "Agent tools loaded from unsigned mutable sources are prompt injection at platform scale. Shared agent memory across tenants is cross-tenant data bleed. Unbounded tool loops are a cost and reliability incident waiting to happen.",
     "last_verified": "2026-05-10",
-    "path": "agents/nvidia/nvidia-ngc-nim-supply-chain-governor-agent",
+    "path": "agents/nvidia/nvidia-agentic-ai-platform-review-agent",
     "companion_skills": [
-      "nvidia-ngc-nim-supply-chain-governor"
+      "nvidia-agentic-ai-platform-review"
     ],
     "author": "github: Raishin",
     "version": "0.1.0"
   },
   {
-    "id": "nvidia-tensorrt-llm-deployment-review-agent",
-    "name": "NVIDIA TensorRT-LLM Deployment Review",
+    "id": "nvidia-ai-infrastructure-operations-agent",
+    "name": "NVIDIA AI Infrastructure Operations",
     "type": "agent",
     "provider": "nvidia",
     "harnesses": [
@@ -7891,36 +8213,29 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Doc-anchored static review of TensorRT and TensorRT-LLM deployment pipelines against the NVIDIA TensorRT Developer Guide and TensorRT-LLM documentation \u2014 ONNX/PyTorch export, precision selection, calibration integrity, dynamic shapes, plugin trust boundaries, engine cache provenance.",
+    "summary": "Review NVIDIA GPU infrastructure (DGX/HGX/MGX) against NVIDIA reference architectures, the AI Enterprise support matrix, and the NCA-AIIO and NCP-AII certification bodies of knowledge \u2014 driver/firmware/CUDA alignment, BMC segmentation, ECC, persistence, and MIG posture.",
     "source_type": "original",
     "official_docs": [
-      "https://docs.nvidia.com/deeplearning/tensorrt/developer-guide/",
-      "https://docs.nvidia.com/deeplearning/tensorrt/quick-start-guide/",
-      "https://docs.nvidia.com/deeplearning/tensorrt/best-practices/",
-      "https://docs.nvidia.com/deeplearning/tensorrt-llm/",
-      "https://docs.nvidia.com/deeplearning/tensorrt/api/"
+      "https://www.nvidia.com/en-us/learn/certification/",
+      "https://docs.nvidia.com/ai-enterprise/",
+      "https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/latest/",
+      "https://docs.nvidia.com/nim/",
+      "https://docs.nvidia.com/dcgm/",
+      "https://docs.nvidia.com/networking/",
+      "https://docs.nvidia.com/nemo-framework/"
     ],
-    "security_notes": "TensorRT custom plugins load arbitrary native code into the inference process; any plugin pulled from a non-vetted source is an RCE primitive. Serialized TensorRT engines (`.engine`, `.plan`) are not signed by default \u2014 silent substitution of an engine yields silent model substitution. INT8 calibration data is unredacted production traffic by definition and is a confidentiality risk if it leaks. The skill never executes `trtexec`, `polygraphy`, or `tensorrt_llm/build.py` \u2014 it outputs the recommended invocation as text.",
+    "security_notes": "BMC reachable from tenant networks is total compromise of GPU hosts. Drivers outside the AI Enterprise support matrix produce silent ABI breakage. ECC disabled silently corrupts weights and gradients on training workloads.",
     "last_verified": "2026-05-10",
-    "path": "agents/nvidia/nvidia-tensorrt-llm-deployment-review-agent/",
+    "path": "agents/nvidia/nvidia-ai-infrastructure-operations-agent",
     "companion_skills": [
-      "nvidia-tensorrt-llm-deployment-review"
+      "nvidia-ai-infrastructure-operations"
     ],
-    "harness_variants": {
-      "codex": "agents/nvidia/nvidia-tensorrt-llm-deployment-review-agent/harnesses/codex.toml",
-      "copilot": "agents/nvidia/nvidia-tensorrt-llm-deployment-review-agent/harnesses/copilot.agent.md",
-      "claude-code": "agents/nvidia/nvidia-tensorrt-llm-deployment-review-agent/harnesses/claude-code.agent.md",
-      "cursor": "agents/nvidia/nvidia-tensorrt-llm-deployment-review-agent/harnesses/cursor.agent.md",
-      "gemini": "agents/nvidia/nvidia-tensorrt-llm-deployment-review-agent/harnesses/gemini.agent.md",
-      "kiro-ide": "agents/nvidia/nvidia-tensorrt-llm-deployment-review-agent/harnesses/kiro-ide.agent.md",
-      "kiro-cli": "agents/nvidia/nvidia-tensorrt-llm-deployment-review-agent/harnesses/kiro-cli.agent.json"
-    },
     "author": "github: Raishin",
     "version": "0.1.0"
   },
   {
-    "id": "nvidia-triton-inference-serving-review-agent",
-    "name": "NVIDIA Triton Inference Server Review",
+    "id": "nvidia-ai-networking-fabric-review-agent",
+    "name": "NVIDIA AI Networking Fabric Review",
     "type": "agent",
     "provider": "nvidia",
     "harnesses": [
@@ -7931,38 +8246,31 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Doc-anchored static review of Triton Inference Server deployments against the NVIDIA Triton Inference Server documentation \u2014 model repository layout, dynamic batching, ensemble pipelines, custom backend trust, gRPC/HTTP auth, response cache, rate-limit and metrics endpoints.",
+    "summary": "Review NVIDIA AI fabric posture per NCP-AIN \u2014 Spectrum-X / InfiniBand topology, NCCL collective tuning, RoCEv2 lossless config, congestion control, and east-west isolation between training jobs.",
     "source_type": "original",
     "official_docs": [
-      "https://docs.nvidia.com/deeplearning/triton-inference-server/user-guide/docs/",
-      "https://docs.nvidia.com/deeplearning/triton-inference-server/user-guide/docs/user_guide/model_configuration.html",
-      "https://docs.nvidia.com/deeplearning/triton-inference-server/user-guide/docs/customization_guide/build.html",
-      "https://github.com/triton-inference-server/server/blob/main/docs/customization_guide/inference_protocols.md",
-      "https://github.com/triton-inference-server/server/blob/main/docs/user_guide/architecture.md"
+      "https://www.nvidia.com/en-us/learn/certification/",
+      "https://docs.nvidia.com/ai-enterprise/",
+      "https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/latest/",
+      "https://docs.nvidia.com/nim/",
+      "https://docs.nvidia.com/dcgm/",
+      "https://docs.nvidia.com/networking/",
+      "https://docs.nvidia.com/nemo-framework/"
     ],
-    "security_notes": "Triton custom Python and C++ backends execute arbitrary code in the server process \u2014 any backend pulled from a non-vetted source is an RCE primitive. Default gRPC and HTTP endpoints are anonymous; auth is the operator's responsibility via reverse-proxy or `--grpc-restricted-protocol`. Model files in `model_repository/` are unsigned at rest. The response cache, when enabled, can be poisoned across tenants if requests are not partitioned. The skill never starts `tritonserver` or sends inference requests \u2014 it outputs `tritonserver` and `perf_analyzer` invocations as text.",
+    "security_notes": "RoCEv2 without PFC and ECN is not lossless; goodput collapses under congestion. Shared default PKey on multi-tenant InfiniBand removes east-west isolation. Single-switch subnet manager with no failover is a fabric-wide outage path.",
     "last_verified": "2026-05-10",
-    "path": "agents/nvidia/nvidia-triton-inference-serving-review-agent/",
+    "path": "agents/nvidia/nvidia-ai-networking-fabric-review-agent",
     "companion_skills": [
-      "nvidia-triton-inference-serving-review"
+      "nvidia-ai-networking-fabric-review"
     ],
-    "harness_variants": {
-      "codex": "agents/nvidia/nvidia-triton-inference-serving-review-agent/harnesses/codex.toml",
-      "copilot": "agents/nvidia/nvidia-triton-inference-serving-review-agent/harnesses/copilot.agent.md",
-      "claude-code": "agents/nvidia/nvidia-triton-inference-serving-review-agent/harnesses/claude-code.agent.md",
-      "cursor": "agents/nvidia/nvidia-triton-inference-serving-review-agent/harnesses/cursor.agent.md",
-      "gemini": "agents/nvidia/nvidia-triton-inference-serving-review-agent/harnesses/gemini.agent.md",
-      "kiro-ide": "agents/nvidia/nvidia-triton-inference-serving-review-agent/harnesses/kiro-ide.agent.md",
-      "kiro-cli": "agents/nvidia/nvidia-triton-inference-serving-review-agent/harnesses/kiro-cli.agent.json"
-    },
     "author": "github: Raishin",
     "version": "0.1.0"
   },
   {
-    "id": "oci-autonomous-database-architect-agent",
-    "name": "OCI Autonomous Database Architect",
+    "id": "nvidia-ai-operations-day2-agent",
+    "name": "NVIDIA AI Operations (Day-2)",
     "type": "agent",
-    "provider": "oci",
+    "provider": "nvidia",
     "harnesses": [
       "codex",
       "copilot",
@@ -7971,23 +8279,31 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-autonomous-database-architect. OCI Architect and operate Autonomous Database and Autonomous AI Database across serverless, dedicated Exadata, Cloud@Customer, Oracle Database@Azure, Oracle Database@Google Cloud, and Oracle Database@AWS contexts.",
-    "source_type": "adapted",
+    "summary": "Review day-2 operational posture of NVIDIA GPU fleets per NCP-AIO \u2014 DCGM exporter coverage, MIG lifecycle, Xid signature to runbook mapping, and gated driver/firmware upgrade discipline.",
+    "source_type": "original",
     "official_docs": [
-      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
-      "https://www.oracle.com/cloud/"
+      "https://www.nvidia.com/en-us/learn/certification/",
+      "https://docs.nvidia.com/ai-enterprise/",
+      "https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/latest/",
+      "https://docs.nvidia.com/nim/",
+      "https://docs.nvidia.com/dcgm/",
+      "https://docs.nvidia.com/networking/",
+      "https://docs.nvidia.com/nemo-framework/"
+    ],
+    "security_notes": "Absent DCGM coverage makes a GPU fleet operationally blind. Ungated driver upgrades on production training jobs destroy in-flight work. Unmapped Xid signatures triple incident MTTR.",
+    "last_verified": "2026-05-10",
+    "path": "agents/nvidia/nvidia-ai-operations-day2-agent",
+    "companion_skills": [
+      "nvidia-ai-operations-day2"
     ],
-    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
-    "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-autonomous-database-architect-agent",
     "author": "github: Raishin",
-    "version": "0.2.0"
+    "version": "0.1.0"
   },
   {
-    "id": "oci-certificates-issuer-review-agent",
-    "name": "OCI Certificates Issuer Review",
+    "id": "nvidia-cuda-kernel-performance-review-agent",
+    "name": "NVIDIA CUDA Kernel Performance Review",
     "type": "agent",
-    "provider": "oci",
+    "provider": "nvidia",
     "harnesses": [
       "codex",
       "copilot",
@@ -7996,24 +8312,38 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review OCI Certificates Service issuer configurations for cert-manager on OKE, covering CA hierarchy safety, issuance rule enforcement, OKE Workload Identity vs Instance Principal authentication, IAM policy scope minimization, OCSP reachability, and certificate version lifecycle management.",
+    "summary": "Doc-anchored static review of CUDA C/C++ kernel sources against the NVIDIA CUDA C++ Programming Guide, CUDA Best Practices Guide, and Nsight Compute documentation \u2014 memory coalescing, shared-memory bank conflicts, occupancy, register pressure, stream concurrency, kernel launch parameters.",
     "source_type": "original",
     "official_docs": [
-      "https://docs.oracle.com/en-us/iaas/Content/certificates/home.htm",
-      "https://docs.oracle.com/en-us/iaas/Content/certificates/managing-certificate-authority.htm",
-      "https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengusingworkloadidentity.htm",
-      "https://github.com/oracle/oci-native-ingress-controller"
+      "https://docs.nvidia.com/cuda/cuda-c-programming-guide/",
+      "https://docs.nvidia.com/cuda/cuda-c-best-practices-guide/",
+      "https://docs.nvidia.com/nsight-compute/",
+      "https://docs.nvidia.com/nsight-systems/",
+      "https://docs.nvidia.com/cuda/profiler-users-guide/"
     ],
-    "security_notes": "Instance Principal auth for cert-manager on OKE means ANY pod on the node can call the OCI Certificates API using the instance metadata endpoint \u2014 not just cert-manager. Use OKE Workload Identity to scope cert-issuance permissions to the cert-manager ServiceAccount only. IAM policy with 'manage certificate-authorities' grants delete and update CA permissions, which is excessive for cert-manager.",
-    "last_verified": "2026-05-02",
-    "path": "agents/oci/oci-certificates-issuer-review-agent",
+    "security_notes": "Static review only \u2014 the skill never executes nvcc, nsight-compute, or nsight-systems. It outputs the recommended invocation as text for the user to run on their own GPU host. Treat CUDA samples that disable bounds checking, copy host pointers across context boundaries, or use `cudaMallocManaged` without prefetch hints as findings rather than as patterns to imitate.",
+    "last_verified": "2026-05-10",
+    "path": "agents/nvidia/nvidia-cuda-kernel-performance-review-agent/",
+    "companion_skills": [
+      "nvidia-cuda-kernel-performance-review"
+    ],
+    "harness_variants": {
+      "codex": "agents/nvidia/nvidia-cuda-kernel-performance-review-agent/harnesses/codex.toml",
+      "copilot": "agents/nvidia/nvidia-cuda-kernel-performance-review-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/nvidia/nvidia-cuda-kernel-performance-review-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/nvidia/nvidia-cuda-kernel-performance-review-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/nvidia/nvidia-cuda-kernel-performance-review-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/nvidia/nvidia-cuda-kernel-performance-review-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/nvidia/nvidia-cuda-kernel-performance-review-agent/harnesses/kiro-cli.agent.json"
+    },
+    "author": "github: Raishin",
     "version": "0.1.0"
   },
   {
-    "id": "oci-cloud-guard-responder-agent",
-    "name": "OCI Cloud Guard Responder",
+    "id": "nvidia-generative-ai-platform-review-agent",
+    "name": "NVIDIA Generative AI Platform Review",
     "type": "agent",
-    "provider": "oci",
+    "provider": "nvidia",
     "harnesses": [
       "codex",
       "copilot",
@@ -8022,23 +8352,31 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-cloud-guard-responder. Triage and govern OCI Cloud Guard problems, targets, responder recipes, detector findings, and security remediation safely.",
-    "source_type": "adapted",
+    "summary": "Review NVIDIA generative-AI platforms per NCA-GENL / NCA-GENM / NCP-GENL \u2014 NeMo training and customization, NIM inference microservices, model card and weights provenance, evaluation harness, and guardrails posture.",
+    "source_type": "original",
     "official_docs": [
-      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
-      "https://www.oracle.com/cloud/"
+      "https://www.nvidia.com/en-us/learn/certification/",
+      "https://docs.nvidia.com/ai-enterprise/",
+      "https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/latest/",
+      "https://docs.nvidia.com/nim/",
+      "https://docs.nvidia.com/dcgm/",
+      "https://docs.nvidia.com/networking/",
+      "https://docs.nvidia.com/nemo-framework/"
+    ],
+    "security_notes": "NIM containers pulled without cosign verification have unverified image trust. Missing model cards block audit reconstruction. NeMo Guardrails bypassable on externally exposed LLM endpoints is critical for regulated workloads.",
+    "last_verified": "2026-05-10",
+    "path": "agents/nvidia/nvidia-generative-ai-platform-review-agent",
+    "companion_skills": [
+      "nvidia-generative-ai-platform-review"
     ],
-    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
-    "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-cloud-guard-responder-agent",
     "author": "github: Raishin",
-    "version": "0.2.0"
+    "version": "0.1.0"
   },
   {
-    "id": "oci-compute-instance-agent-operator-agent",
-    "name": "OCI Compute Instance Agent Operator",
+    "id": "nvidia-gpu-operator-kubernetes-hardening-agent",
+    "name": "NVIDIA GPU Operator on Kubernetes Hardening",
     "type": "agent",
-    "provider": "oci",
+    "provider": "nvidia",
     "harnesses": [
       "codex",
       "copilot",
@@ -8047,23 +8385,31 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-compute-instance-agent-operator. Operate OCI Compute Instance Agent commands and executions safely for diagnostics, automation, and remediation.",
-    "source_type": "adapted",
+    "summary": "Review NVIDIA GPU Operator on Kubernetes \u2014 device plugin, MIG manager, node feature discovery, time-sliced GPUs, container toolkit, securityContext posture, and namespace tenancy boundaries.",
+    "source_type": "original",
     "official_docs": [
-      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
-      "https://www.oracle.com/cloud/"
+      "https://www.nvidia.com/en-us/learn/certification/",
+      "https://docs.nvidia.com/ai-enterprise/",
+      "https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/latest/",
+      "https://docs.nvidia.com/nim/",
+      "https://docs.nvidia.com/dcgm/",
+      "https://docs.nvidia.com/networking/",
+      "https://docs.nvidia.com/nemo-framework/"
+    ],
+    "security_notes": "Tenant workloads with privileged:true escalate across the GPU Operator boundary. Time-sliced GPUs shared across namespaces without admission gating are a side-channel and noisy-neighbor risk. Tag-pulled GPU Operator images allow silent rollback to compromised versions.",
+    "last_verified": "2026-05-10",
+    "path": "agents/nvidia/nvidia-gpu-operator-kubernetes-hardening-agent",
+    "companion_skills": [
+      "nvidia-gpu-operator-kubernetes-hardening"
     ],
-    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
-    "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-compute-instance-agent-operator-agent",
     "author": "github: Raishin",
-    "version": "0.2.0"
+    "version": "0.1.0"
   },
   {
-    "id": "oci-compute-platform-operator-agent",
-    "name": "OCI Compute Platform Operator",
+    "id": "nvidia-maestro-agent",
+    "name": "NVIDIA Maestro",
     "type": "agent",
-    "provider": "oci",
+    "provider": "nvidia",
     "harnesses": [
       "codex",
       "copilot",
@@ -8072,48 +8418,73 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-compute-platform-operator. Operate OCI Compute instances and platform capacity safely with compartment/region confirmation, instance lifecycle guardrails, least-privilege IAM checks, MCP/CLI discovery, and rollback-aware change plans.",
+    "summary": "Per-provider router for the NVIDIA stack. Classifies the user's task across CUDA, TensorRT, Triton, NIM, NeMo, NGC, DCGM, GPU Operator, and AI fabric domains and dispatches to the narrowest specialist or a parallel team (max 4). Enforces a runtime-evidence gate before routing to the live promotion gatekeeper.",
     "source_type": "adapted",
     "official_docs": [
-      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
-      "https://www.oracle.com/cloud/"
+      "https://docs.nvidia.com/",
+      "https://www.nvidia.com/en-us/learn/certification/",
+      "https://docs.nvidia.com/ai-enterprise/",
+      "https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/latest/",
+      "https://docs.nvidia.com/nim/"
+    ],
+    "security_notes": "Runtime-evidence gate is non-negotiable: nvidia-model-promotion-gatekeeper-agent must never be auto-dispatched. Always surface blast-radius assessment and rollback path and require explicit written human confirmation before routing to the gatekeeper.",
+    "last_verified": "2026-05-11",
+    "path": "agents/nvidia/nvidia-maestro-agent",
+    "harness_variants": {
+      "codex": "agents/nvidia/nvidia-maestro-agent/harnesses/codex.toml",
+      "copilot": "agents/nvidia/nvidia-maestro-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/nvidia/nvidia-maestro-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/nvidia/nvidia-maestro-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/nvidia/nvidia-maestro-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/nvidia/nvidia-maestro-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/nvidia/nvidia-maestro-agent/harnesses/kiro-cli.agent.json"
+    },
+    "companion_skills": [
+      "nvidia-maestro"
     ],
-    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
-    "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-compute-platform-operator-agent",
     "author": "github: Raishin",
-    "version": "0.2.0"
+    "version": "0.1.0"
   },
   {
-    "id": "oci-cost-finops-analyst-agent",
-    "name": "OCI Cost Finops Analyst",
+    "id": "nvidia-model-promotion-gatekeeper-agent",
+    "name": "NVIDIA Model Promotion Gatekeeper",
     "type": "agent",
-    "provider": "oci",
+    "provider": "nvidia",
     "harnesses": [
-      "codex",
-      "copilot",
       "claude-code",
-      "cursor",
-      "gemini",
-      "kiro"
+      "cursor"
     ],
-    "summary": "Agent for oci-cost-finops-analyst. Analyze Oracle Cloud Infrastructure cost, usage, budgets, tagging, rightsizing, commitment coverage, and FinOps governance.",
-    "source_type": "adapted",
+    "summary": "Live-execution gatekeeper that decides promote/block/manual-review for an NVIDIA NIM container moving from staging to production. Runs an allowlisted set of cosign/crane/oras/grype commands and emits a cosign-signable attestation JSON. Two harnesses by deliberate scope choice; broader fan-out requires per-harness allowlist audit.",
+    "source_type": "original",
     "official_docs": [
-      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
-      "https://www.oracle.com/cloud/"
+      "https://docs.nvidia.com/nim/",
+      "https://docs.nvidia.com/ai-enterprise/",
+      "https://docs.sigstore.dev/cosign/verifying/verify/",
+      "https://docs.sigstore.dev/cosign/key_management/",
+      "https://github.com/google/go-containerregistry/tree/main/cmd/crane",
+      "https://oras.land/docs/category/oras-commands",
+      "https://github.com/anchore/grype"
     ],
-    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
-    "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-cost-finops-analyst-agent",
+    "security_notes": "Live agent. Allowlist locks every Bash invocation to nvcr.io/* targets and to fixed argv shapes. Egress restricted to nvcr.io and Sigstore endpoints. Default mode is static (no egress); runtime mode is per-session opt-in. Sigstore unreachable degrades to manual-review, never auto-pass. Read-only \u2014 no docker pull, no kubectl, no registry write, no sign action (operator signs the attestation). Credential flag values scrubbed from provenance output.",
+    "last_verified": "2026-05-11",
+    "path": "agents/nvidia/nvidia-model-promotion-gatekeeper-agent/",
+    "companion_skills": [
+      "nvidia-model-promotion-gatekeeper"
+    ],
+    "harness_variants": {
+      "claude-code": "agents/nvidia/nvidia-model-promotion-gatekeeper-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/nvidia/nvidia-model-promotion-gatekeeper-agent/harnesses/cursor.agent.md"
+    },
+    "lifecycle": "experimental",
+    "execution_tier": "read-only-runtime",
     "author": "github: Raishin",
-    "version": "0.2.0"
+    "version": "0.1.0"
   },
   {
-    "id": "oci-database-platform-dba-agent",
-    "name": "OCI Database Platform Dba",
+    "id": "nvidia-ngc-nim-supply-chain-governor-agent",
+    "name": "NVIDIA NGC and NIM Supply Chain Governor",
     "type": "agent",
-    "provider": "oci",
+    "provider": "nvidia",
     "harnesses": [
       "codex",
       "copilot",
@@ -8122,23 +8493,31 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-database-platform-dba. Operate as a ruthless OCI database platform DBA for DB systems, Autonomous Database, Exadata, backups, patching, performance triage, capacity, and IAM-scoped database operations.",
-    "source_type": "adapted",
+    "summary": "Review NGC and NIM supply chain posture \u2014 NGC org/team boundaries, API key scope and rotation, NIM container cosign verification, model card and weights provenance, AI Enterprise license posture, and air-gap mirror integrity.",
+    "source_type": "original",
     "official_docs": [
-      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
-      "https://www.oracle.com/cloud/"
+      "https://www.nvidia.com/en-us/learn/certification/",
+      "https://docs.nvidia.com/ai-enterprise/",
+      "https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/latest/",
+      "https://docs.nvidia.com/nim/",
+      "https://docs.nvidia.com/dcgm/",
+      "https://docs.nvidia.com/networking/",
+      "https://docs.nvidia.com/nemo-framework/"
+    ],
+    "security_notes": "NGC keys with org-wide write scope are publish-anywhere primitives if leaked. Air-gap mirrors copying by tag rather than digest drift silently. NIM model artifacts world-readable on shared hosts are a weight exfiltration path.",
+    "last_verified": "2026-05-10",
+    "path": "agents/nvidia/nvidia-ngc-nim-supply-chain-governor-agent",
+    "companion_skills": [
+      "nvidia-ngc-nim-supply-chain-governor"
     ],
-    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
-    "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-database-platform-dba-agent",
     "author": "github: Raishin",
-    "version": "0.2.0"
+    "version": "0.1.0"
   },
   {
-    "id": "oci-dbtools-sql-analyst-agent",
-    "name": "OCI Dbtools Sql Analyst",
+    "id": "nvidia-tensorrt-llm-deployment-review-agent",
+    "name": "NVIDIA TensorRT-LLM Deployment Review",
     "type": "agent",
-    "provider": "oci",
+    "provider": "nvidia",
     "harnesses": [
       "codex",
       "copilot",
@@ -8147,23 +8526,38 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-dbtools-sql-analyst. Use OCI Database Tools and database documentation safely for SQL inspection, report definitions, table metadata, and controlled query execution.",
-    "source_type": "adapted",
+    "summary": "Doc-anchored static review of TensorRT and TensorRT-LLM deployment pipelines against the NVIDIA TensorRT Developer Guide and TensorRT-LLM documentation \u2014 ONNX/PyTorch export, precision selection, calibration integrity, dynamic shapes, plugin trust boundaries, engine cache provenance.",
+    "source_type": "original",
     "official_docs": [
-      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
-      "https://www.oracle.com/cloud/"
+      "https://docs.nvidia.com/deeplearning/tensorrt/developer-guide/",
+      "https://docs.nvidia.com/deeplearning/tensorrt/quick-start-guide/",
+      "https://docs.nvidia.com/deeplearning/tensorrt/best-practices/",
+      "https://docs.nvidia.com/deeplearning/tensorrt-llm/",
+      "https://docs.nvidia.com/deeplearning/tensorrt/api/"
     ],
-    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
-    "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-dbtools-sql-analyst-agent",
+    "security_notes": "TensorRT custom plugins load arbitrary native code into the inference process; any plugin pulled from a non-vetted source is an RCE primitive. Serialized TensorRT engines (`.engine`, `.plan`) are not signed by default \u2014 silent substitution of an engine yields silent model substitution. INT8 calibration data is unredacted production traffic by definition and is a confidentiality risk if it leaks. The skill never executes `trtexec`, `polygraphy`, or `tensorrt_llm/build.py` \u2014 it outputs the recommended invocation as text.",
+    "last_verified": "2026-05-10",
+    "path": "agents/nvidia/nvidia-tensorrt-llm-deployment-review-agent/",
+    "companion_skills": [
+      "nvidia-tensorrt-llm-deployment-review"
+    ],
+    "harness_variants": {
+      "codex": "agents/nvidia/nvidia-tensorrt-llm-deployment-review-agent/harnesses/codex.toml",
+      "copilot": "agents/nvidia/nvidia-tensorrt-llm-deployment-review-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/nvidia/nvidia-tensorrt-llm-deployment-review-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/nvidia/nvidia-tensorrt-llm-deployment-review-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/nvidia/nvidia-tensorrt-llm-deployment-review-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/nvidia/nvidia-tensorrt-llm-deployment-review-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/nvidia/nvidia-tensorrt-llm-deployment-review-agent/harnesses/kiro-cli.agent.json"
+    },
     "author": "github: Raishin",
-    "version": "0.2.0"
+    "version": "0.1.0"
   },
   {
-    "id": "oci-devops-container-platform-engineer-agent",
-    "name": "OCI Devops Container Platform Engineer",
+    "id": "nvidia-triton-inference-serving-review-agent",
+    "name": "NVIDIA Triton Inference Server Review",
     "type": "agent",
-    "provider": "oci",
+    "provider": "nvidia",
     "harnesses": [
       "codex",
       "copilot",
@@ -8172,21 +8566,36 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-devops-container-platform-engineer. Engineer and review Oracle Cloud Infrastructure DevOps, OKE, OCIR, build/deploy pipelines, Kubernetes platform, and container runtime workflows.",
-    "source_type": "adapted",
+    "summary": "Doc-anchored static review of Triton Inference Server deployments against the NVIDIA Triton Inference Server documentation \u2014 model repository layout, dynamic batching, ensemble pipelines, custom backend trust, gRPC/HTTP auth, response cache, rate-limit and metrics endpoints.",
+    "source_type": "original",
     "official_docs": [
-      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
-      "https://www.oracle.com/cloud/"
+      "https://docs.nvidia.com/deeplearning/triton-inference-server/user-guide/docs/",
+      "https://docs.nvidia.com/deeplearning/triton-inference-server/user-guide/docs/user_guide/model_configuration.html",
+      "https://docs.nvidia.com/deeplearning/triton-inference-server/user-guide/docs/customization_guide/build.html",
+      "https://github.com/triton-inference-server/server/blob/main/docs/customization_guide/inference_protocols.md",
+      "https://github.com/triton-inference-server/server/blob/main/docs/user_guide/architecture.md"
     ],
-    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
-    "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-devops-container-platform-engineer-agent",
+    "security_notes": "Triton custom Python and C++ backends execute arbitrary code in the server process \u2014 any backend pulled from a non-vetted source is an RCE primitive. Default gRPC and HTTP endpoints are anonymous; auth is the operator's responsibility via reverse-proxy or `--grpc-restricted-protocol`. Model files in `model_repository/` are unsigned at rest. The response cache, when enabled, can be poisoned across tenants if requests are not partitioned. The skill never starts `tritonserver` or sends inference requests \u2014 it outputs `tritonserver` and `perf_analyzer` invocations as text.",
+    "last_verified": "2026-05-10",
+    "path": "agents/nvidia/nvidia-triton-inference-serving-review-agent/",
+    "companion_skills": [
+      "nvidia-triton-inference-serving-review"
+    ],
+    "harness_variants": {
+      "codex": "agents/nvidia/nvidia-triton-inference-serving-review-agent/harnesses/codex.toml",
+      "copilot": "agents/nvidia/nvidia-triton-inference-serving-review-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/nvidia/nvidia-triton-inference-serving-review-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/nvidia/nvidia-triton-inference-serving-review-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/nvidia/nvidia-triton-inference-serving-review-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/nvidia/nvidia-triton-inference-serving-review-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/nvidia/nvidia-triton-inference-serving-review-agent/harnesses/kiro-cli.agent.json"
+    },
     "author": "github: Raishin",
-    "version": "0.2.0"
+    "version": "0.1.0"
   },
   {
-    "id": "oci-exadata-platform-architect-agent",
-    "name": "OCI Exadata Platform Architect",
+    "id": "oci-autonomous-database-architect-agent",
+    "name": "OCI Autonomous Database Architect",
     "type": "agent",
     "provider": "oci",
     "harnesses": [
@@ -8197,7 +8606,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-exadata-platform-architect. OCI Design and operate Exadata Database Service across OCI Dedicated Infrastructure, Exadata Cloud@Customer, Oracle Database@Azure, Oracle Database@Google Cloud, and Oracle Database@AWS.",
+    "summary": "Agent for oci-autonomous-database-architect. OCI Architect and operate Autonomous Database and Autonomous AI Database across serverless, dedicated Exadata, Cloud@Customer, Oracle Database@Azure, Oracle Database@Google Cloud, and Oracle Database@AWS contexts.",
     "source_type": "adapted",
     "official_docs": [
       "https://docs.oracle.com/en-us/iaas/Content/home.htm",
@@ -8205,13 +8614,13 @@
     ],
     "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
     "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-exadata-platform-architect-agent",
+    "path": "agents/oci/oci-autonomous-database-architect-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "oci-fusion-apps-environment-operator-agent",
-    "name": "OCI Fusion Apps Environment Operator",
+    "id": "oci-certificates-issuer-review-agent",
+    "name": "OCI Certificates Issuer Review",
     "type": "agent",
     "provider": "oci",
     "harnesses": [
@@ -8222,13 +8631,239 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-fusion-apps-environment-operator. OCI Review Fusion Apps as a Service environment families, environments, lifecycle status, availability, and operational readiness.",
-    "source_type": "adapted",
+    "summary": "Review OCI Certificates Service issuer configurations for cert-manager on OKE, covering CA hierarchy safety, issuance rule enforcement, OKE Workload Identity vs Instance Principal authentication, IAM policy scope minimization, OCSP reachability, and certificate version lifecycle management.",
+    "source_type": "original",
     "official_docs": [
-      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
-      "https://www.oracle.com/cloud/"
-    ],
-    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
+      "https://docs.oracle.com/en-us/iaas/Content/certificates/home.htm",
+      "https://docs.oracle.com/en-us/iaas/Content/certificates/managing-certificate-authority.htm",
+      "https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengusingworkloadidentity.htm",
+      "https://github.com/oracle/oci-native-ingress-controller"
+    ],
+    "security_notes": "Instance Principal auth for cert-manager on OKE means ANY pod on the node can call the OCI Certificates API using the instance metadata endpoint \u2014 not just cert-manager. Use OKE Workload Identity to scope cert-issuance permissions to the cert-manager ServiceAccount only. IAM policy with 'manage certificate-authorities' grants delete and update CA permissions, which is excessive for cert-manager.",
+    "last_verified": "2026-05-02",
+    "path": "agents/oci/oci-certificates-issuer-review-agent",
+    "version": "0.1.0"
+  },
+  {
+    "id": "oci-cloud-guard-responder-agent",
+    "name": "OCI Cloud Guard Responder",
+    "type": "agent",
+    "provider": "oci",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for oci-cloud-guard-responder. Triage and govern OCI Cloud Guard problems, targets, responder recipes, detector findings, and security remediation safely.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
+      "https://www.oracle.com/cloud/"
+    ],
+    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
+    "last_verified": "2026-04-27",
+    "path": "agents/oci/oci-cloud-guard-responder-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "oci-compute-instance-agent-operator-agent",
+    "name": "OCI Compute Instance Agent Operator",
+    "type": "agent",
+    "provider": "oci",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for oci-compute-instance-agent-operator. Operate OCI Compute Instance Agent commands and executions safely for diagnostics, automation, and remediation.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
+      "https://www.oracle.com/cloud/"
+    ],
+    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
+    "last_verified": "2026-04-27",
+    "path": "agents/oci/oci-compute-instance-agent-operator-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "oci-compute-platform-operator-agent",
+    "name": "OCI Compute Platform Operator",
+    "type": "agent",
+    "provider": "oci",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for oci-compute-platform-operator. Operate OCI Compute instances and platform capacity safely with compartment/region confirmation, instance lifecycle guardrails, least-privilege IAM checks, MCP/CLI discovery, and rollback-aware change plans.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
+      "https://www.oracle.com/cloud/"
+    ],
+    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
+    "last_verified": "2026-04-27",
+    "path": "agents/oci/oci-compute-platform-operator-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "oci-cost-finops-analyst-agent",
+    "name": "OCI Cost Finops Analyst",
+    "type": "agent",
+    "provider": "oci",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for oci-cost-finops-analyst. Analyze Oracle Cloud Infrastructure cost, usage, budgets, tagging, rightsizing, commitment coverage, and FinOps governance.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
+      "https://www.oracle.com/cloud/"
+    ],
+    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
+    "last_verified": "2026-04-27",
+    "path": "agents/oci/oci-cost-finops-analyst-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "oci-database-platform-dba-agent",
+    "name": "OCI Database Platform Dba",
+    "type": "agent",
+    "provider": "oci",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for oci-database-platform-dba. Operate as a ruthless OCI database platform DBA for DB systems, Autonomous Database, Exadata, backups, patching, performance triage, capacity, and IAM-scoped database operations.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
+      "https://www.oracle.com/cloud/"
+    ],
+    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
+    "last_verified": "2026-04-27",
+    "path": "agents/oci/oci-database-platform-dba-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "oci-dbtools-sql-analyst-agent",
+    "name": "OCI Dbtools Sql Analyst",
+    "type": "agent",
+    "provider": "oci",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for oci-dbtools-sql-analyst. Use OCI Database Tools and database documentation safely for SQL inspection, report definitions, table metadata, and controlled query execution.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
+      "https://www.oracle.com/cloud/"
+    ],
+    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
+    "last_verified": "2026-04-27",
+    "path": "agents/oci/oci-dbtools-sql-analyst-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "oci-devops-container-platform-engineer-agent",
+    "name": "OCI Devops Container Platform Engineer",
+    "type": "agent",
+    "provider": "oci",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for oci-devops-container-platform-engineer. Engineer and review Oracle Cloud Infrastructure DevOps, OKE, OCIR, build/deploy pipelines, Kubernetes platform, and container runtime workflows.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
+      "https://www.oracle.com/cloud/"
+    ],
+    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
+    "last_verified": "2026-04-27",
+    "path": "agents/oci/oci-devops-container-platform-engineer-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "oci-exadata-platform-architect-agent",
+    "name": "OCI Exadata Platform Architect",
+    "type": "agent",
+    "provider": "oci",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for oci-exadata-platform-architect. OCI Design and operate Exadata Database Service across OCI Dedicated Infrastructure, Exadata Cloud@Customer, Oracle Database@Azure, Oracle Database@Google Cloud, and Oracle Database@AWS.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
+      "https://www.oracle.com/cloud/"
+    ],
+    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
+    "last_verified": "2026-04-27",
+    "path": "agents/oci/oci-exadata-platform-architect-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "oci-fusion-apps-environment-operator-agent",
+    "name": "OCI Fusion Apps Environment Operator",
+    "type": "agent",
+    "provider": "oci",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for oci-fusion-apps-environment-operator. OCI Review Fusion Apps as a Service environment families, environments, lifecycle status, availability, and operational readiness.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
+      "https://www.oracle.com/cloud/"
+    ],
+    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
     "last_verified": "2026-04-27",
     "path": "agents/oci/oci-fusion-apps-environment-operator-agent",
     "author": "github: Raishin",
@@ -9160,38 +9795,34 @@
     "version": "0.1.0"
   },
   {
-    "id": "prometheus-alerting-cardinality-review-agent",
-    "name": "Prometheus Alerting and Cardinality Review Agent",
+    "id": "playwright-e2e-execution-run-agent",
+    "name": "Playwright E2E Execution Run Agent",
     "type": "agent",
-    "provider": "prometheus",
+    "provider": "generic",
     "harnesses": [
-      "codex",
-      "copilot",
       "claude-code",
-      "cursor",
-      "gemini",
-      "kiro"
+      "cursor"
     ],
-    "summary": "Review Prometheus and AlertManager configuration for cardinality risks, alert correctness, scrape security, routing safety, and retention adequacy.",
+    "summary": "Execute an existing Playwright E2E suite against an operator-confirmed non-production target and emit a structured run attestation \u2014 pass/fail/flaky counts and trace artifact locations. Read-only-runtime tier.",
     "source_type": "original",
     "official_docs": [
-      "https://prometheus.io/docs/prometheus/latest/querying/basics/",
-      "https://prometheus.io/docs/practices/naming/",
-      "https://prometheus.io/docs/practices/alerting/",
-      "https://prometheus.io/docs/alerting/latest/alertmanager/",
-      "https://prometheus.io/docs/prometheus/latest/storage/",
-      "https://prometheus.io/docs/practices/remote_write/"
+      "https://playwright.dev/docs/test-cli",
+      "https://playwright.dev/docs/running-tests",
+      "https://playwright.dev/docs/test-reporters",
+      "https://playwright.dev/docs/trace-viewer",
+      "https://playwright.dev/docs/ci"
     ],
-    "security_notes": "honor_labels: true on untrusted scrape targets allows the scraped workload to override job/instance labels, enabling metric spoofing. Scrape configs pointing to external HTTP endpoints are SSRF candidates.",
-    "last_verified": "2026-05-02",
-    "path": "agents/prometheus/prometheus-alerting-cardinality-review-agent",
+    "security_notes": "Live-execution agent, read-only-runtime tier. Default mode is static and runs nothing; runtime execution is a per-session opt-in requiring explicit operator confirmation of a non-production target. Allowlisted commands only \u2014 npx playwright test, install, show-report. Refuses production targets. Never accepts or echoes credentials, tokens, or storageState. Incomplete runs degrade to manual-review, never auto-pass.",
+    "last_verified": "2026-05-17",
+    "path": "agents/qa/playwright-e2e-execution-run-agent",
+    "author": "github: Raishin",
     "version": "0.1.0"
   },
   {
-    "id": "scaleway-cost-optimizer-agent",
-    "name": "Scaleway Cost Optimizer",
+    "id": "playwright-e2e-suite-review-agent",
+    "name": "Playwright E2E Suite Review Agent",
     "type": "agent",
-    "provider": "scaleway",
+    "provider": "generic",
     "harnesses": [
       "codex",
       "copilot",
@@ -9200,10 +9831,165 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Advisory agent for Scaleway cost analysis: instance type rightsizing, reserved instance utilization, idle Object Storage and SBS volumes, Serverless function cold-start cost, and Cockpit observability spend.",
+    "summary": "Review Playwright spec files, config, and CI workflows for flakiness, selector brittleness, test isolation defects, retry masking, and CI reliability.",
     "source_type": "original",
     "official_docs": [
-      "https://www.scaleway.com/en/pricing/",
+      "https://playwright.dev/docs/best-practices",
+      "https://playwright.dev/docs/locators",
+      "https://playwright.dev/docs/test-assertions",
+      "https://playwright.dev/docs/test-retries",
+      "https://playwright.dev/docs/test-parallel",
+      "https://playwright.dev/docs/test-sharding",
+      "https://playwright.dev/docs/trace-viewer"
+    ],
+    "security_notes": "Static review only \u2014 never executes the suite, launches browsers, or contacts a target application. Never requests live URLs with embedded credentials, bearer tokens, real storageState files, or .env secrets.",
+    "last_verified": "2026-05-17",
+    "path": "agents/qa/playwright-e2e-suite-review-agent",
+    "author": "github: Raishin",
+    "version": "0.1.0"
+  },
+  {
+    "id": "plc-control-logic-safety-review-agent",
+    "name": "PLC Control Logic Safety Review Agent",
+    "type": "agent",
+    "provider": "generic",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Statically review exported IEC 61131-3 PLC program logic for safety and reliability defects \u2014 E-stop implementation, output fail-safe paths, latch integrity, memory-write races, forced I/O, interlock bypass governance, timer determinism, and watchdog coverage.",
+    "source_type": "original",
+    "official_docs": [
+      "https://plcopen.org/iec-61131-3",
+      "https://webstore.iec.ch/publication/4552",
+      "https://webstore.iec.ch/publication/22273",
+      "https://webstore.iec.ch/publication/26037",
+      "https://content.helpme-codesys.com/en/CODESYS%20Development%20System/_cds_structure_application_objects.html"
+    ],
+    "security_notes": "Static review only \u2014 never connects to a live PLC, never writes to a controller, never advises bypassing a safety function. Never requests live controller IP addresses, plant-network hostnames, historian credentials, or production asset identifiers. Ask for sanitized, anonymized exports only.",
+    "last_verified": "2026-05-17",
+    "path": "agents/qa/plc-control-logic-safety-review-agent",
+    "author": "github: Raishin",
+    "version": "0.1.0"
+  },
+  {
+    "id": "programmatic-supply-chain-integrity-review-agent",
+    "name": "Programmatic Supply Chain Integrity Review Agent",
+    "type": "agent",
+    "provider": "marketing",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Review ads.txt, app-ads.txt, and sellers.json files for a publisher or advertiser's programmatic supply chain to detect unauthorized resellers, domain-spoofing exposure, and SupplyChain Object gaps.",
+    "companion_skills": [
+      "programmatic-supply-chain-integrity-review"
+    ],
+    "source_type": "original",
+    "official_docs": [
+      "https://iabtechlab.com/ads-txt/",
+      "https://iabtechlab.com/sellers-json/",
+      "https://iabtechlab.com/supplychain-object/",
+      "https://mediaratingcouncil.org/sites/default/files/Standards/MRC%20Invalid%20Traffic%20Detection%20and%20Filtration%20Guidelines%20Addendum.pdf",
+      "https://iabtechlab.com/app-ads-txt/"
+    ],
+    "security_notes": "Read-only advisory. Works from raw pasted text of ads.txt, app-ads.txt, and sellers.json files only; never requests DSP credentials, exchange account tokens, bid-stream logs, or revenue reports. These files are publicly resolvable at domain roots; no live crawl of production endpoints is performed.",
+    "last_verified": "2026-05-17",
+    "path": "agents/marketing/programmatic-supply-chain-integrity-review-agent/",
+    "harness_variants": {
+      "codex": "agents/marketing/programmatic-supply-chain-integrity-review-agent/harnesses/codex.toml",
+      "copilot": "agents/marketing/programmatic-supply-chain-integrity-review-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/marketing/programmatic-supply-chain-integrity-review-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/marketing/programmatic-supply-chain-integrity-review-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/marketing/programmatic-supply-chain-integrity-review-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/marketing/programmatic-supply-chain-integrity-review-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/marketing/programmatic-supply-chain-integrity-review-agent/harnesses/kiro-cli.agent.json"
+    },
+    "author": "github: Raishin",
+    "version": "0.1.0"
+  },
+  {
+    "id": "prometheus-alerting-cardinality-review-agent",
+    "name": "Prometheus Alerting and Cardinality Review Agent",
+    "type": "agent",
+    "provider": "prometheus",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Review Prometheus and AlertManager configuration for cardinality risks, alert correctness, scrape security, routing safety, and retention adequacy.",
+    "source_type": "original",
+    "official_docs": [
+      "https://prometheus.io/docs/prometheus/latest/querying/basics/",
+      "https://prometheus.io/docs/practices/naming/",
+      "https://prometheus.io/docs/practices/alerting/",
+      "https://prometheus.io/docs/alerting/latest/alertmanager/",
+      "https://prometheus.io/docs/prometheus/latest/storage/",
+      "https://prometheus.io/docs/practices/remote_write/"
+    ],
+    "security_notes": "honor_labels: true on untrusted scrape targets allows the scraped workload to override job/instance labels, enabling metric spoofing. Scrape configs pointing to external HTTP endpoints are SSRF candidates.",
+    "last_verified": "2026-05-02",
+    "path": "agents/prometheus/prometheus-alerting-cardinality-review-agent",
+    "version": "0.1.0"
+  },
+  {
+    "id": "rpa-workflow-resilience-review-agent",
+    "name": "RPA Workflow Resilience Review Agent",
+    "type": "agent",
+    "provider": "generic",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Review exported RPA workflow definitions for resilience and security defects \u2014 hardcoded credentials, brittle selectors, missing exception handling, non-idempotent logic, fixed delays, and invisible failures \u2014 statically, without connecting to a live orchestrator.",
+    "source_type": "original",
+    "official_docs": [
+      "https://docs.uipath.com/studio/standalone/latest/user-guide/about-workflow-analyzer",
+      "https://docs.uipath.com/studio/standalone/latest/user-guide/about-debugging",
+      "https://docs.uipath.com/orchestrator/standalone/latest/user-guide/about-assets",
+      "https://docs.automationanywhere.com/",
+      "https://learn.microsoft.com/en-us/power-automate/guidance/coding-guidelines/overview",
+      "https://learn.microsoft.com/en-us/power-automate/guidance/coding-guidelines/error-handling"
+    ],
+    "security_notes": "Static review only \u2014 never connects to a live orchestrator, never executes a bot, and never requests runner credentials or orchestrator connection strings. Never accepts workflow exports containing live PII, real customer data, or production connection strings.",
+    "last_verified": "2026-05-17",
+    "path": "agents/qa/rpa-workflow-resilience-review-agent",
+    "author": "github: Raishin",
+    "version": "0.1.0"
+  },
+  {
+    "id": "scaleway-cost-optimizer-agent",
+    "name": "Scaleway Cost Optimizer",
+    "type": "agent",
+    "provider": "scaleway",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Advisory agent for Scaleway cost analysis: instance type rightsizing, reserved instance utilization, idle Object Storage and SBS volumes, Serverless function cold-start cost, and Cockpit observability spend.",
+    "source_type": "original",
+    "official_docs": [
+      "https://www.scaleway.com/en/pricing/",
       "https://www.scaleway.com/en/docs/billing/",
       "https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/instance_server",
       "https://www.scaleway.com/en/docs/observability/cockpit/",
@@ -9486,90 +10272,10 @@
     "version": "0.1.0"
   },
   {
-    "id": "marketing-consent-data-collection-review-agent",
-    "name": "Marketing Consent and Data-Collection Review Agent",
-    "type": "agent",
-    "provider": "marketing",
-    "harnesses": [
-      "codex",
-      "copilot",
-      "claude-code",
-      "cursor",
-      "gemini",
-      "kiro"
-    ],
-    "summary": "Review marketing consent posture \u2014 CMP banner config, tag-manager containers, Consent Mode wiring, and cookie policy \u2014 for GDPR/ePrivacy/CCPA correctness, dark patterns, and undisclosed trackers.",
-    "companion_skills": [
-      "marketing-consent-data-collection-review"
-    ],
-    "source_type": "original",
-    "official_docs": [
-      "https://eur-lex.europa.eu/eli/reg/2016/679/oj",
-      "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32002L0058",
-      "https://oag.ca.gov/privacy/ccpa",
-      "https://developers.google.com/tag-platform/security/guides/consent",
-      "https://iabeurope.eu/transparency-consent-framework/"
-    ],
-    "security_notes": "Read-only advisory. Works from sanitized CMP and tag-manager configuration only; never requests real visitor data, consent-string archives, or analytics credentials. Surfaces regulatory risk but does not issue binding legal conclusions.",
-    "last_verified": "2026-05-17",
-    "path": "agents/marketing/marketing-consent-data-collection-review-agent/",
-    "harness_variants": {
-      "codex": "agents/marketing/marketing-consent-data-collection-review-agent/harnesses/codex.toml",
-      "copilot": "agents/marketing/marketing-consent-data-collection-review-agent/harnesses/copilot.agent.md",
-      "claude-code": "agents/marketing/marketing-consent-data-collection-review-agent/harnesses/claude-code.agent.md",
-      "cursor": "agents/marketing/marketing-consent-data-collection-review-agent/harnesses/cursor.agent.md",
-      "gemini": "agents/marketing/marketing-consent-data-collection-review-agent/harnesses/gemini.agent.md",
-      "kiro-ide": "agents/marketing/marketing-consent-data-collection-review-agent/harnesses/kiro-ide.agent.md",
-      "kiro-cli": "agents/marketing/marketing-consent-data-collection-review-agent/harnesses/kiro-cli.agent.json"
-    },
-    "author": "github: Raishin",
-    "version": "0.1.0"
-  },
-  {
-    "id": "marketing-pixel-data-leakage-review-agent",
-    "name": "Marketing Pixel Data-Leakage Review Agent",
-    "type": "agent",
-    "provider": "marketing",
-    "harnesses": [
-      "codex",
-      "copilot",
-      "claude-code",
-      "cursor",
-      "gemini",
-      "kiro"
-    ],
-    "summary": "Review advertising pixels and conversion event tracking for personal-data leakage to ad networks \u2014 PII in payloads, form-field auto-capture, pixels on sensitive pages, and unhashed identifier transmission.",
-    "companion_skills": [
-      "marketing-pixel-data-leakage-review"
-    ],
-    "source_type": "original",
-    "official_docs": [
-      "https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/hipaa-online-tracking/index.html",
-      "https://www.ftc.gov/legal-library/browse/rules/health-breach-notification-rule",
-      "https://developers.facebook.com/docs/meta-pixel/",
-      "https://support.google.com/google-ads/answer/9888656",
-      "https://owasp.org/www-project-top-ten/"
-    ],
-    "security_notes": "Read-only advisory. Works from sanitized payloads and container exports only; never requests real visitor data, conversion logs, or ad-platform credentials. A leak found here may be a reportable breach \u2014 the agent surfaces that possibility and routes the determination to counsel and incident response rather than deciding it.",
-    "last_verified": "2026-05-17",
-    "path": "agents/marketing/marketing-pixel-data-leakage-review-agent/",
-    "harness_variants": {
-      "codex": "agents/marketing/marketing-pixel-data-leakage-review-agent/harnesses/codex.toml",
-      "copilot": "agents/marketing/marketing-pixel-data-leakage-review-agent/harnesses/copilot.agent.md",
-      "claude-code": "agents/marketing/marketing-pixel-data-leakage-review-agent/harnesses/claude-code.agent.md",
-      "cursor": "agents/marketing/marketing-pixel-data-leakage-review-agent/harnesses/cursor.agent.md",
-      "gemini": "agents/marketing/marketing-pixel-data-leakage-review-agent/harnesses/gemini.agent.md",
-      "kiro-ide": "agents/marketing/marketing-pixel-data-leakage-review-agent/harnesses/kiro-ide.agent.md",
-      "kiro-cli": "agents/marketing/marketing-pixel-data-leakage-review-agent/harnesses/kiro-cli.agent.json"
-    },
-    "author": "github: Raishin",
-    "version": "0.1.0"
-  },
-  {
-    "id": "martech-access-governance-review-agent",
-    "name": "Martech Access Governance Review Agent",
+    "id": "test-coverage-quality-review-agent",
+    "name": "Test Coverage Quality Review Agent",
     "type": "agent",
-    "provider": "marketing",
+    "provider": "generic",
     "harnesses": [
       "codex",
       "copilot",
@@ -9578,38 +10284,26 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review access governance across a marketing technology stack \u2014 OAuth connected apps, API keys, CRM and marketing-automation roles, and integration scopes \u2014 for least-privilege violations, shared and stale credentials, and missing ownership.",
-    "companion_skills": [
-      "martech-access-governance-review"
-    ],
+    "summary": "Review a test suite for assertion quality over coverage percentage \u2014 detecting coverage theater, assertion-free and tautological tests, mock over-specification, untested branches, and weak coverage gates.",
     "source_type": "original",
     "official_docs": [
-      "https://datatracker.ietf.org/doc/html/rfc6749",
-      "https://oauth.net/2/scope/",
-      "https://csrc.nist.gov/glossary/term/least_privilege",
-      "https://owasp.org/www-project-top-ten/",
-      "https://csrc.nist.gov/pubs/sp/800/207/final"
+      "https://martinfowler.com/bliki/TestCoverage.html",
+      "https://martinfowler.com/articles/mocksArentStubs.html",
+      "https://istanbul.js.org/docs/tutorials/coverage/",
+      "https://jestjs.io/docs/configuration",
+      "https://docs.pytest.org/en/stable/how-to/assert.html"
     ],
-    "security_notes": "Read-only advisory. Works from sanitized access inventories only; never requests, collects, or echoes credential values, API keys, tokens, or secrets. If a real credential is pasted, the agent treats it as compromised and recommends rotation.",
+    "security_notes": "Static review only \u2014 reads test source and coverage reports, never executes tests or runs a coverage tool. Never requests credentials, fixtures with real customer data, or production database snapshots.",
     "last_verified": "2026-05-17",
-    "path": "agents/marketing/martech-access-governance-review-agent/",
-    "harness_variants": {
-      "codex": "agents/marketing/martech-access-governance-review-agent/harnesses/codex.toml",
-      "copilot": "agents/marketing/martech-access-governance-review-agent/harnesses/copilot.agent.md",
-      "claude-code": "agents/marketing/martech-access-governance-review-agent/harnesses/claude-code.agent.md",
-      "cursor": "agents/marketing/martech-access-governance-review-agent/harnesses/cursor.agent.md",
-      "gemini": "agents/marketing/martech-access-governance-review-agent/harnesses/gemini.agent.md",
-      "kiro-ide": "agents/marketing/martech-access-governance-review-agent/harnesses/kiro-ide.agent.md",
-      "kiro-cli": "agents/marketing/martech-access-governance-review-agent/harnesses/kiro-cli.agent.json"
-    },
+    "path": "agents/qa/test-coverage-quality-review-agent",
     "author": "github: Raishin",
     "version": "0.1.0"
   },
   {
-    "id": "marketing-maestro-agent",
-    "name": "Marketing Maestro",
+    "id": "test-flakiness-triage-agent",
+    "name": "Test Flakiness Triage Agent",
     "type": "agent",
-    "provider": "marketing",
+    "provider": "generic",
     "harnesses": [
       "codex",
       "copilot",
@@ -9618,430 +10312,18 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Route marketing-governance review tasks to the narrowest specialist across all 13 domains: consent and data-collection, advertising-pixel data-leakage, martech access-governance, GPC signal-honoring, email sender authentication, programmatic supply-chain integrity, AI ad-targeting fairness, EU AI Act marketing-system classification, lookalike audience upload compliance, email list retention, influencer disclosure, conversion-flow dark patterns, and analytics data minimization. Dispatches single or parallel teams (max 4); requires human gate for any mutation intent.",
+    "summary": "Triage flaky tests across any framework into root-cause categories, assign a quarantine or fix path per test, and audit CI retry configuration and quarantine policy.",
     "source_type": "original",
     "official_docs": [
-      "https://eur-lex.europa.eu/eli/reg/2016/679/oj",
-      "https://oag.ca.gov/privacy/ccpa",
-      "https://developers.google.com/tag-platform/security/guides/consent"
+      "https://playwright.dev/docs/test-retries",
+      "https://docs.cypress.io/guides/guides/test-retries",
+      "https://jestjs.io/docs/cli",
+      "https://docs.pytest.org/en/stable/how-to/flaky.html",
+      "https://martinfowler.com/articles/nonDeterminism.html"
     ],
-    "security_notes": "Read-only routing agent. Never accepts, stores, or relays real visitor data, consent-string archives, ad-platform credentials, API keys, OAuth tokens, or tenant data. No external API calls made directly \u2014 all artifact review delegated to dispatched specialists. No auto-mutation: any mutating specialist dispatch requires an explicit human approval gate and a handoff packet.",
+    "security_notes": "Static review only \u2014 analyzes failure logs, rerun history, and test source; never executes or re-runs tests. Never requests CI credentials, dashboard API tokens, or production data embedded in logs.",
     "last_verified": "2026-05-17",
-    "path": "agents/marketing/marketing-maestro-agent",
-    "author": "github: Raishin",
-    "version": "0.1.0",
-    "companion_skills": [
-      "marketing-maestro"
-    ],
-    "execution_tier": "read-only-runtime",
-    "lifecycle": "experimental",
-    "harness_variants": {
-      "codex": "agents/marketing/marketing-maestro-agent/harnesses/codex.toml",
-      "claude-code": "agents/marketing/marketing-maestro-agent/harnesses/claude-code.agent.md",
-      "copilot": "agents/marketing/marketing-maestro-agent/harnesses/copilot.agent.md",
-      "cursor": "agents/marketing/marketing-maestro-agent/harnesses/cursor.agent.md",
-      "gemini": "agents/marketing/marketing-maestro-agent/harnesses/gemini.agent.md",
-      "kiro-ide": "agents/marketing/marketing-maestro-agent/harnesses/kiro-ide.agent.md",
-      "kiro-cli": "agents/marketing/marketing-maestro-agent/harnesses/kiro-cli.agent.json"
-    }
-  },
-  {
-    "id": "ai-advertising-targeting-fairness-review-agent",
-    "name": "AI Advertising Targeting Fairness Review Agent",
-    "type": "agent",
-    "provider": "marketing",
-    "harnesses": [
-      "codex",
-      "copilot",
-      "claude-code",
-      "cursor",
-      "gemini",
-      "kiro"
-    ],
-    "summary": "Review ad-platform audience targeting configurations and declared AI feature usage for protected-class discrimination risk under Fair Housing Act, ECOA, and EU AI Act Article 5 \u2014 proxy segments, algorithmic disparate impact, and missing Special Ad Category declarations.",
-    "companion_skills": [
-      "ai-advertising-targeting-fairness-review"
-    ],
-    "source_type": "original",
-    "official_docs": [
-      "https://www.ftc.gov/business-guidance/blog/2023/02/ftcs-ai-related-enforcement-actions",
-      "https://www.hud.gov/program_offices/fair_housing_equal_opp/fair_housing_act_overview",
-      "https://www.consumerfinance.gov/about-us/blog/cfpb-issues-guidance-on-credit-denials-by-lenders-using-artificial-intelligence/",
-      "https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai",
-      "https://www.federalregister.gov/documents/2023/07/13/2023-14625/civil-rights-principles-for-the-use-of-artificial-intelligence"
-    ],
-    "security_notes": "Read-only advisory. Works from sanitized audience spec exports and declared AI feature annotations only; never requests live campaign credentials, ad-account access tokens, or real audience membership data. Legal determination of FHA, ECOA, or EU AI Act violations is routed to qualified counsel and compliance teams.",
-    "last_verified": "2026-05-17",
-    "path": "agents/marketing/ai-advertising-targeting-fairness-review-agent/",
-    "harness_variants": {
-      "codex": "agents/marketing/ai-advertising-targeting-fairness-review-agent/harnesses/codex.toml",
-      "copilot": "agents/marketing/ai-advertising-targeting-fairness-review-agent/harnesses/copilot.agent.md",
-      "claude-code": "agents/marketing/ai-advertising-targeting-fairness-review-agent/harnesses/claude-code.agent.md",
-      "cursor": "agents/marketing/ai-advertising-targeting-fairness-review-agent/harnesses/cursor.agent.md",
-      "gemini": "agents/marketing/ai-advertising-targeting-fairness-review-agent/harnesses/gemini.agent.md",
-      "kiro-ide": "agents/marketing/ai-advertising-targeting-fairness-review-agent/harnesses/kiro-ide.agent.md",
-      "kiro-cli": "agents/marketing/ai-advertising-targeting-fairness-review-agent/harnesses/kiro-cli.agent.json"
-    },
-    "author": "github: Raishin",
-    "version": "0.1.0"
-  },
-  {
-    "id": "analytics-data-minimization-review-agent",
-    "name": "Analytics Data-Minimization Review Agent",
-    "type": "agent",
-    "provider": "marketing",
-    "harnesses": [
-      "codex",
-      "copilot",
-      "claude-code",
-      "cursor",
-      "gemini",
-      "kiro"
-    ],
-    "summary": "Review analytics platform configuration \u2014 GA4 property settings, BigQuery export schema, custom event-parameter definitions, and user-property declarations \u2014 for data-minimization violations, excessive collection, and storage-period over-retention under GDPR Article 5(1)(c) and 5(1)(e) and EU DPA enforcement on GA4.",
-    "companion_skills": [
-      "analytics-data-minimization-review"
-    ],
-    "source_type": "original",
-    "official_docs": [
-      "https://gdpr-info.eu/art-5-gdpr/",
-      "https://www.cnil.fr/en/use-google-analytics-and-data-transfers-united-states-cnil-orders-website-manageroperator-comply/",
-      "https://www.cnil.fr/en/google-analytics-and-data-transfers-how-make-your-analytics-tool-compliant-gdpr",
-      "https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/9782874",
-      "https://support.google.com/analytics/answer/9019185"
-    ],
-    "security_notes": "Read-only advisory. Works from sanitized analytics configuration exports and schema definitions only; never requests live analytics data, raw event exports containing real user identifiers, GA4 admin credentials, or BigQuery service-account keys. Findings may indicate cross-border transfer violations requiring DPA notification \u2014 the agent surfaces that possibility and routes legal assessment to qualified privacy counsel rather than deciding it.",
-    "last_verified": "2026-05-17",
-    "path": "agents/marketing/analytics-data-minimization-review-agent/",
-    "harness_variants": {
-      "codex": "agents/marketing/analytics-data-minimization-review-agent/harnesses/codex.toml",
-      "copilot": "agents/marketing/analytics-data-minimization-review-agent/harnesses/copilot.agent.md",
-      "claude-code": "agents/marketing/analytics-data-minimization-review-agent/harnesses/claude-code.agent.md",
-      "cursor": "agents/marketing/analytics-data-minimization-review-agent/harnesses/cursor.agent.md",
-      "gemini": "agents/marketing/analytics-data-minimization-review-agent/harnesses/gemini.agent.md",
-      "kiro-ide": "agents/marketing/analytics-data-minimization-review-agent/harnesses/kiro-ide.agent.md",
-      "kiro-cli": "agents/marketing/analytics-data-minimization-review-agent/harnesses/kiro-cli.agent.json"
-    },
-    "author": "github: Raishin",
-    "version": "0.1.0"
-  },
-  {
-    "id": "email-sender-authentication-review-agent",
-    "name": "Email Sender Authentication Review Agent",
-    "type": "agent",
-    "provider": "marketing",
-    "harnesses": [
-      "codex",
-      "copilot",
-      "claude-code",
-      "cursor",
-      "gemini",
-      "kiro"
-    ],
-    "summary": "Review DNS sender-authentication records (SPF, DKIM, DMARC, BIMI) for a marketing domain to identify policy gaps exposing campaigns to rejection, spoofing, or inbox displacement.",
-    "companion_skills": [
-      "email-sender-authentication-review"
-    ],
-    "source_type": "original",
-    "official_docs": [
-      "https://datatracker.ietf.org/doc/html/rfc7489",
-      "https://support.google.com/mail/answer/81126",
-      "https://www.pcisecuritystandards.org/document_library/",
-      "https://www.cisa.gov/sites/default/files/publications/bod-18-01.pdf",
-      "https://datatracker.ietf.org/doc/html/rfc7208"
-    ],
-    "security_notes": "Read-only advisory. Works from sanitized DNS TXT record exports only; never requests ESP account credentials, DMARC aggregate report XML, or sending-platform API keys. DNS records are public data; this agent does not perform live DNS lookups against production infrastructure.",
-    "last_verified": "2026-05-17",
-    "path": "agents/marketing/email-sender-authentication-review-agent/",
-    "harness_variants": {
-      "codex": "agents/marketing/email-sender-authentication-review-agent/harnesses/codex.toml",
-      "copilot": "agents/marketing/email-sender-authentication-review-agent/harnesses/copilot.agent.md",
-      "claude-code": "agents/marketing/email-sender-authentication-review-agent/harnesses/claude-code.agent.md",
-      "cursor": "agents/marketing/email-sender-authentication-review-agent/harnesses/cursor.agent.md",
-      "gemini": "agents/marketing/email-sender-authentication-review-agent/harnesses/gemini.agent.md",
-      "kiro-ide": "agents/marketing/email-sender-authentication-review-agent/harnesses/kiro-ide.agent.md",
-      "kiro-cli": "agents/marketing/email-sender-authentication-review-agent/harnesses/kiro-cli.agent.json"
-    },
-    "author": "github: Raishin",
-    "version": "0.1.0"
-  },
-  {
-    "id": "eu-ai-act-marketing-system-review-agent",
-    "name": "EU AI Act Marketing System Review Agent",
-    "type": "agent",
-    "provider": "marketing",
-    "harnesses": [
-      "codex",
-      "copilot",
-      "claude-code",
-      "cursor",
-      "gemini",
-      "kiro"
-    ],
-    "summary": "Review a marketing AI system description card against EU AI Act Regulation 2024/1689 risk-tier criteria \u2014 classify the system, flag documentation obligations (Articles 11, 13, 14, 43), and identify deployment-readiness gaps before the August 2, 2026 full-enforcement date.",
-    "companion_skills": [
-      "eu-ai-act-marketing-system-review"
-    ],
-    "source_type": "original",
-    "official_docs": [
-      "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R1689",
-      "https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai",
-      "https://www.europarl.europa.eu/topics/en/article/20230601STO93804/eu-ai-act-first-regulation-on-artificial-intelligence",
-      "https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-022023-technical-scope-art-22-gdpr_en",
-      "https://artificialintelligenceact.eu/the-act/"
-    ],
-    "security_notes": "Read-only advisory. Works from sanitized AI system description cards only; never requests model weights, training datasets, internal performance logs, or vendor system-access credentials. Article 5 prohibited-practice determination is routed to qualified legal counsel rather than decided by the agent.",
-    "last_verified": "2026-05-17",
-    "path": "agents/marketing/eu-ai-act-marketing-system-review-agent/",
-    "harness_variants": {
-      "codex": "agents/marketing/eu-ai-act-marketing-system-review-agent/harnesses/codex.toml",
-      "copilot": "agents/marketing/eu-ai-act-marketing-system-review-agent/harnesses/copilot.agent.md",
-      "claude-code": "agents/marketing/eu-ai-act-marketing-system-review-agent/harnesses/claude-code.agent.md",
-      "cursor": "agents/marketing/eu-ai-act-marketing-system-review-agent/harnesses/cursor.agent.md",
-      "gemini": "agents/marketing/eu-ai-act-marketing-system-review-agent/harnesses/gemini.agent.md",
-      "kiro-ide": "agents/marketing/eu-ai-act-marketing-system-review-agent/harnesses/kiro-ide.agent.md",
-      "kiro-cli": "agents/marketing/eu-ai-act-marketing-system-review-agent/harnesses/kiro-cli.agent.json"
-    },
-    "author": "github: Raishin",
-    "version": "0.1.0"
-  },
-  {
-    "id": "influencer-disclosure-compliance-review-agent",
-    "name": "Influencer Disclosure Compliance Review Agent",
-    "type": "agent",
-    "provider": "marketing",
-    "harnesses": [
-      "codex",
-      "copilot",
-      "claude-code",
-      "cursor",
-      "gemini",
-      "kiro"
-    ],
-    "summary": "Review influencer campaign audit packs \u2014 brief, contract, post descriptions, and disclosure placement specs \u2014 for FTC Endorsement Guide violations: undisclosed material connections, inadequate disclosure placement, and brand liability exposure.",
-    "companion_skills": [
-      "influencer-disclosure-compliance-review"
-    ],
-    "source_type": "original",
-    "official_docs": [
-      "https://www.ftc.gov/legal-library/browse/rules/endorsement-guides",
-      "https://www.ecfr.gov/current/title-16/chapter-I/subchapter-B/part-255",
-      "https://www.ftc.gov/system/files/ftc_gov/pdf/ftc-endorsement-guides-final-rule.pdf",
-      "https://www.ftc.gov/legal-library/browse/statutes/federal-trade-commission-act",
-      "https://www.ftc.gov/business-guidance/resources/ftcs-endorsement-guides-what-people-are-asking"
-    ],
-    "security_notes": "Read-only advisory. Works from a structured influencer campaign audit pack only \u2014 brief, contract excerpt, post descriptions, and disclosure spec. Never requests raw personal data about creators, unpublished financial negotiations, or live platform credentials. Does not generate campaign content or creator instructions. A finding of systematic non-disclosure may warrant legal escalation before campaign continuation.",
-    "last_verified": "2026-05-17",
-    "path": "agents/marketing/influencer-disclosure-compliance-review-agent/",
-    "harness_variants": {
-      "codex": "agents/marketing/influencer-disclosure-compliance-review-agent/harnesses/codex.toml",
-      "copilot": "agents/marketing/influencer-disclosure-compliance-review-agent/harnesses/copilot.agent.md",
-      "claude-code": "agents/marketing/influencer-disclosure-compliance-review-agent/harnesses/claude-code.agent.md",
-      "cursor": "agents/marketing/influencer-disclosure-compliance-review-agent/harnesses/cursor.agent.md",
-      "gemini": "agents/marketing/influencer-disclosure-compliance-review-agent/harnesses/gemini.agent.md",
-      "kiro-ide": "agents/marketing/influencer-disclosure-compliance-review-agent/harnesses/kiro-ide.agent.md",
-      "kiro-cli": "agents/marketing/influencer-disclosure-compliance-review-agent/harnesses/kiro-cli.agent.json"
-    },
-    "author": "github: Raishin",
-    "version": "0.1.0"
-  },
-  {
-    "id": "lookalike-audience-upload-compliance-review-agent",
-    "name": "Lookalike Audience Upload Compliance Review Agent",
-    "type": "agent",
-    "provider": "marketing",
-    "harnesses": [
-      "codex",
-      "copilot",
-      "claude-code",
-      "cursor",
-      "gemini",
-      "kiro"
-    ],
-    "summary": "Review custom-audience and lookalike-audience upload specifications for hashing adequacy, PII field scope, consent-basis validity, and platform data-sharing restrictions before upload to Meta, Google, LinkedIn, or TikTok \u2014 catching underhashed identifiers, consent-scope mismatches, and re-identification surfaces.",
-    "companion_skills": [
-      "lookalike-audience-upload-compliance-review"
-    ],
-    "source_type": "original",
-    "official_docs": [
-      "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679",
-      "https://oag.ca.gov/privacy/ccpa",
-      "https://www.ftc.gov/reports/data-brokers-call-transparency-accountability",
-      "https://developers.facebook.com/docs/marketing-api/audiences/guides/custom-audiences/",
-      "https://support.google.com/google-ads/answer/6334160"
-    ],
-    "security_notes": "Read-only advisory. Works from sanitized field-mapping specifications, declared hashing methods, and consent-basis documentation only; never requests actual audience files, real customer records, or platform API credentials. Legal determination of breach, unauthorized sharing, or unlawful transfer is routed to qualified counsel and the privacy compliance team.",
-    "last_verified": "2026-05-17",
-    "path": "agents/marketing/lookalike-audience-upload-compliance-review-agent/",
-    "harness_variants": {
-      "codex": "agents/marketing/lookalike-audience-upload-compliance-review-agent/harnesses/codex.toml",
-      "copilot": "agents/marketing/lookalike-audience-upload-compliance-review-agent/harnesses/copilot.agent.md",
-      "claude-code": "agents/marketing/lookalike-audience-upload-compliance-review-agent/harnesses/claude-code.agent.md",
-      "cursor": "agents/marketing/lookalike-audience-upload-compliance-review-agent/harnesses/cursor.agent.md",
-      "gemini": "agents/marketing/lookalike-audience-upload-compliance-review-agent/harnesses/gemini.agent.md",
-      "kiro-ide": "agents/marketing/lookalike-audience-upload-compliance-review-agent/harnesses/kiro-ide.agent.md",
-      "kiro-cli": "agents/marketing/lookalike-audience-upload-compliance-review-agent/harnesses/kiro-cli.agent.json"
-    },
-    "author": "github: Raishin",
-    "version": "0.1.0"
-  },
-  {
-    "id": "marketing-conversion-flow-dark-pattern-review-agent",
-    "name": "Marketing Conversion Flow Dark-Pattern Review Agent",
-    "type": "agent",
-    "provider": "marketing",
-    "harnesses": [
-      "codex",
-      "copilot",
-      "claude-code",
-      "cursor",
-      "gemini",
-      "kiro"
-    ],
-    "summary": "Review marketing conversion flow specifications \u2014 subscription sign-up, upsell interstitial, free-trial enrollment, and cancellation path \u2014 for dark-pattern practices that invalidate consent or constitute unfair or deceptive acts under FTC Section 5, the FTC Negative Option Rule, CPRA, and EU AI Act Article 5(1)(b).",
-    "companion_skills": [
-      "marketing-conversion-flow-dark-pattern-review"
-    ],
-    "source_type": "original",
-    "official_docs": [
-      "https://www.ftc.gov/legal-library/browse/rules/negative-option-rule",
-      "https://www.ftc.gov/system/files/ftc_gov/pdf/P214800+Dark+Patterns+Report+9.14.2022+-+FINAL.pdf",
-      "https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=CIV&sectionNum=1798.140.",
-      "https://oag.ca.gov/privacy/ccpa",
-      "https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng"
-    ],
-    "security_notes": "Read-only advisory. Works from sanitized UX flow specifications and annotated wireframes only; never requests real payment credentials, live user-session data, or production A/B-test results containing real user identities. Findings may indicate FTC civil penalty exposure \u2014 the agent surfaces that possibility and routes enforcement-risk assessment to qualified legal counsel rather than quantifying penalties.",
-    "last_verified": "2026-05-17",
-    "path": "agents/marketing/marketing-conversion-flow-dark-pattern-review-agent/",
-    "harness_variants": {
-      "codex": "agents/marketing/marketing-conversion-flow-dark-pattern-review-agent/harnesses/codex.toml",
-      "copilot": "agents/marketing/marketing-conversion-flow-dark-pattern-review-agent/harnesses/copilot.agent.md",
-      "claude-code": "agents/marketing/marketing-conversion-flow-dark-pattern-review-agent/harnesses/claude-code.agent.md",
-      "cursor": "agents/marketing/marketing-conversion-flow-dark-pattern-review-agent/harnesses/cursor.agent.md",
-      "gemini": "agents/marketing/marketing-conversion-flow-dark-pattern-review-agent/harnesses/gemini.agent.md",
-      "kiro-ide": "agents/marketing/marketing-conversion-flow-dark-pattern-review-agent/harnesses/kiro-ide.agent.md",
-      "kiro-cli": "agents/marketing/marketing-conversion-flow-dark-pattern-review-agent/harnesses/kiro-cli.agent.json"
-    },
-    "author": "github: Raishin",
-    "version": "0.1.0"
-  },
-  {
-    "id": "marketing-email-list-retention-review-agent",
-    "name": "Marketing Email List Retention Review Agent",
-    "type": "agent",
-    "provider": "marketing",
-    "harnesses": [
-      "codex",
-      "copilot",
-      "claude-code",
-      "cursor",
-      "gemini",
-      "kiro"
-    ],
-    "summary": "Review marketing email list segment metadata, consent-record completeness, suppression-list coverage, and data-retention schedules for GDPR, CASL, and CCPA deletion-right compliance.",
-    "companion_skills": [
-      "marketing-email-list-retention-review"
-    ],
-    "source_type": "original",
-    "official_docs": [
-      "https://gdpr-info.eu/art-5-gdpr/",
-      "https://gdpr-info.eu/art-17-gdpr/",
-      "https://laws-lois.justice.gc.ca/eng/acts/C-28.65/page-1.html",
-      "https://oag.ca.gov/privacy/ccpa",
-      "https://www.canada.ca/en/radio-television-telecommunications/news/2014/07/compliance-and-enforcement-information-bulletin-crtc-2014-326.html"
-    ],
-    "security_notes": "Read-only advisory. Works from sanitized CRM/ESP exports only \u2014 placeholder values for all subscriber PII; never requests real email addresses, subscriber IDs, CRM credentials, or ESP API keys. Findings of ongoing deletion-SLA breaches or broken CASL consent chains are routed to legal counsel and incident response, not resolved by the agent.",
-    "last_verified": "2026-05-17",
-    "path": "agents/marketing/marketing-email-list-retention-review-agent/",
-    "harness_variants": {
-      "codex": "agents/marketing/marketing-email-list-retention-review-agent/harnesses/codex.toml",
-      "copilot": "agents/marketing/marketing-email-list-retention-review-agent/harnesses/copilot.agent.md",
-      "claude-code": "agents/marketing/marketing-email-list-retention-review-agent/harnesses/claude-code.agent.md",
-      "cursor": "agents/marketing/marketing-email-list-retention-review-agent/harnesses/cursor.agent.md",
-      "gemini": "agents/marketing/marketing-email-list-retention-review-agent/harnesses/gemini.agent.md",
-      "kiro-ide": "agents/marketing/marketing-email-list-retention-review-agent/harnesses/kiro-ide.agent.md",
-      "kiro-cli": "agents/marketing/marketing-email-list-retention-review-agent/harnesses/kiro-cli.agent.json"
-    },
-    "author": "github: Raishin",
-    "version": "0.1.0"
-  },
-  {
-    "id": "marketing-gpc-signal-honoring-review-agent",
-    "name": "Marketing GPC Signal Honoring Review Agent",
-    "type": "agent",
-    "provider": "marketing",
-    "harnesses": [
-      "codex",
-      "copilot",
-      "claude-code",
-      "cursor",
-      "gemini",
-      "kiro"
-    ],
-    "summary": "Review the technical signal path by which a Global Privacy Control opt-out travels through the CMP and tag stack to confirm ad tags, server-side conversion APIs, and CAPI forwarding actually cease firing on opt-out.",
-    "companion_skills": [
-      "marketing-gpc-signal-honoring-review"
-    ],
-    "source_type": "original",
-    "official_docs": [
-      "https://cppa.ca.gov/regulations/pdf/cppa_regs.pdf",
-      "https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?sectionNum=1798.135.&lawCode=CIV",
-      "https://globalprivacycontrol.org/",
-      "https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=202520260AB566",
-      "https://oag.ca.gov/privacy/ccpa"
-    ],
-    "security_notes": "Read-only advisory. Works from sanitized tag-manager container exports and CMP configuration exports only; never requests live consent logs, visitor opt-out records, or ad-platform credentials. Findings of non-compliance may constitute evidence in a CPPA enforcement proceeding \u2014 legal determinations are routed to qualified privacy counsel, not decided by this agent.",
-    "last_verified": "2026-05-17",
-    "path": "agents/marketing/marketing-gpc-signal-honoring-review-agent/",
-    "harness_variants": {
-      "codex": "agents/marketing/marketing-gpc-signal-honoring-review-agent/harnesses/codex.toml",
-      "copilot": "agents/marketing/marketing-gpc-signal-honoring-review-agent/harnesses/copilot.agent.md",
-      "claude-code": "agents/marketing/marketing-gpc-signal-honoring-review-agent/harnesses/claude-code.agent.md",
-      "cursor": "agents/marketing/marketing-gpc-signal-honoring-review-agent/harnesses/cursor.agent.md",
-      "gemini": "agents/marketing/marketing-gpc-signal-honoring-review-agent/harnesses/gemini.agent.md",
-      "kiro-ide": "agents/marketing/marketing-gpc-signal-honoring-review-agent/harnesses/kiro-ide.agent.md",
-      "kiro-cli": "agents/marketing/marketing-gpc-signal-honoring-review-agent/harnesses/kiro-cli.agent.json"
-    },
-    "author": "github: Raishin",
-    "version": "0.1.0"
-  },
-  {
-    "id": "programmatic-supply-chain-integrity-review-agent",
-    "name": "Programmatic Supply Chain Integrity Review Agent",
-    "type": "agent",
-    "provider": "marketing",
-    "harnesses": [
-      "codex",
-      "copilot",
-      "claude-code",
-      "cursor",
-      "gemini",
-      "kiro"
-    ],
-    "summary": "Review ads.txt, app-ads.txt, and sellers.json files for a publisher or advertiser's programmatic supply chain to detect unauthorized resellers, domain-spoofing exposure, and SupplyChain Object gaps.",
-    "companion_skills": [
-      "programmatic-supply-chain-integrity-review"
-    ],
-    "source_type": "original",
-    "official_docs": [
-      "https://iabtechlab.com/ads-txt/",
-      "https://iabtechlab.com/sellers-json/",
-      "https://iabtechlab.com/supplychain-object/",
-      "https://mediaratingcouncil.org/sites/default/files/Standards/MRC%20Invalid%20Traffic%20Detection%20and%20Filtration%20Guidelines%20Addendum.pdf",
-      "https://iabtechlab.com/app-ads-txt/"
-    ],
-    "security_notes": "Read-only advisory. Works from raw pasted text of ads.txt, app-ads.txt, and sellers.json files only; never requests DSP credentials, exchange account tokens, bid-stream logs, or revenue reports. These files are publicly resolvable at domain roots; no live crawl of production endpoints is performed.",
-    "last_verified": "2026-05-17",
-    "path": "agents/marketing/programmatic-supply-chain-integrity-review-agent/",
-    "harness_variants": {
-      "codex": "agents/marketing/programmatic-supply-chain-integrity-review-agent/harnesses/codex.toml",
-      "copilot": "agents/marketing/programmatic-supply-chain-integrity-review-agent/harnesses/copilot.agent.md",
-      "claude-code": "agents/marketing/programmatic-supply-chain-integrity-review-agent/harnesses/claude-code.agent.md",
-      "cursor": "agents/marketing/programmatic-supply-chain-integrity-review-agent/harnesses/cursor.agent.md",
-      "gemini": "agents/marketing/programmatic-supply-chain-integrity-review-agent/harnesses/gemini.agent.md",
-      "kiro-ide": "agents/marketing/programmatic-supply-chain-integrity-review-agent/harnesses/kiro-ide.agent.md",
-      "kiro-cli": "agents/marketing/programmatic-supply-chain-integrity-review-agent/harnesses/kiro-cli.agent.json"
-    },
+    "path": "agents/qa/test-flakiness-triage-agent",
     "author": "github: Raishin",
     "version": "0.1.0"
   }