@skillsmith/core 0.5.3 → 0.5.5

package/dist/src/scripts/skill-scanner/trust-scorer.js

@@ -1,28 +1,47 @@
 /**
  * SMI-1189: Trust Scorer
+ * SMI-4396: Allowlist-aware quarantine predicate.
  *
  * Trust score calculation and quarantine decision logic.
  */
+import { calculateRiskScore } from '../../security/scanner/SecurityScanner.helpers.js';
 /** Default trust scorer configuration */
 export const DEFAULT_TRUST_CONFIG = {
     quarantineThreshold: 40,
 };
 /**
- * Determines if a skill should be quarantined based on findings
+ * Determines if a skill should be quarantined based on findings.
  *
- * A skill is quarantined if:
- * 1. Has critical or high severity findings
- * 2. Risk score exceeds threshold
- * 3. Scan failed (passed = false)
+ * SMI-4396: when an allowlist matcher is provided, findings the matcher
+ * approves are removed BEFORE the quarantine check runs, and the risk score
+ * is recomputed from the filtered set rather than trusting report.riskScore
+ * (which was computed pre-allowlist inside SecurityScanner.scan).
+ *
+ * !report.passed is intentionally NOT part of the predicate: `passed` is
+ * also computed pre-allowlist, so keeping it here would re-quarantine every
+ * allowlisted skill whose raw scan had critical/high findings — defeating
+ * the allowlist's purpose. The new two-clause predicate still covers the old
+ * semantics: any scan that was `passed: false` must have had at least one
+ * critical/high finding OR score >= threshold, both of which are still caught.
+ *
+ * A skill is quarantined if ANY of:
+ * 1. Post-allowlist findings contain a critical or high severity entry
+ * 2. Post-allowlist risk score >= quarantineThreshold
  *
  * @param report - The scan report for the skill
  * @param config - Trust scorer configuration
+ * @param allowlist - Optional per-skill allowlist (SMI-4396)
  * @returns true if the skill should be quarantined
  */
-export function shouldQuarantine(report, config = DEFAULT_TRUST_CONFIG) {
-    return (!report.passed ||
-        report.riskScore >= config.quarantineThreshold ||
-        report.findings.some((f) => f.severity === 'critical' || f.severity === 'high'));
+export function shouldQuarantine(report, config = DEFAULT_TRUST_CONFIG, allowlist) {
+    const effectiveFindings = allowlist
+        ? report.findings.filter((f) => !allowlist.isAllowed(report.skillId, f))
+        : report.findings;
+    if (effectiveFindings.some((f) => f.severity === 'critical' || f.severity === 'high')) {
+        return true;
+    }
+    const effectiveRisk = calculateRiskScore(effectiveFindings).total;
+    return effectiveRisk >= config.quarantineThreshold;
 }
 /**
  * Calculate average risk score from results

package/dist/src/scripts/skill-scanner/trust-scorer.js.map

@@ -1 +1 @@
-{"version":3,"file":"trust-scorer.js","sourceRoot":"","sources":["../../../../src/scripts/skill-scanner/trust-scorer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAYH,yCAAyC;AACzC,MAAM,CAAC,MAAM,oBAAoB,GAAsB;IACrD,mBAAmB,EAAE,EAAE;CACxB,CAAA;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,gBAAgB,CAC9B,MAAkB,EAClB,SAA4B,oBAAoB;IAEhD,OAAO,CACL,CAAC,MAAM,CAAC,MAAM;QACd,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,mBAAmB;QAC9C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAChF,CAAA;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,yBAAyB,CAAC,OAA0C;IAClF,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAA;IAC5B,IAAI,KAAK,KAAK,CAAC;QAAE,OAAO,CAAC,CAAA;IAEzB,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,UAAU,CAAC,SAAS,EAAE,CAAC,CAAC,CAAA;IACvE,OAAO,GAAG,GAAG,KAAK,CAAA;AACpB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAA0C;IAC9E,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAA;IAClC,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAA;AAChE,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAA0C;IAIzE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,MAAM,CAAA;IAC7D,MAAM,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,MAAM,CAAA;IAEjE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAA;AAChC,CAAC"}
+{"version":3,"file":"trust-scorer.js","sourceRoot":"","sources":["../../../../src/scripts/skill-scanner/trust-scorer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,kBAAkB,EAAE,MAAM,mDAAmD,CAAA;AAWtF,yCAAyC;AACzC,MAAM,CAAC,MAAM,oBAAoB,GAAsB;IACrD,mBAAmB,EAAE,EAAE;CACxB,CAAA;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,UAAU,gBAAgB,CAC9B,MAAkB,EAClB,SAA4B,oBAAoB,EAChD,SAA4B;IAE5B,MAAM,iBAAiB,GAAG,SAAS;QACjC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QACxE,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAA;IAEnB,IAAI,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,EAAE,CAAC;QACtF,OAAO,IAAI,CAAA;IACb,CAAC;IAED,MAAM,aAAa,GAAG,kBAAkB,CAAC,iBAAiB,CAAC,CAAC,KAAK,CAAA;IACjE,OAAO,aAAa,IAAI,MAAM,CAAC,mBAAmB,CAAA;AACpD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,yBAAyB,CAAC,OAA0C;IAClF,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAA;IAC5B,IAAI,KAAK,KAAK,CAAC;QAAE,OAAO,CAAC,CAAA;IAEzB,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,UAAU,CAAC,SAAS,EAAE,CAAC,CAAC,CAAA;IACvE,OAAO,GAAG,GAAG,KAAK,CAAA;AACpB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAA0C;IAC9E,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAA;IAClC,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAA;AAChE,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAA0C;IAIzE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,MAAM,CAAA;IAC7D,MAAM,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,MAAM,CAAA;IAEjE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAA;AAChC,CAAC"}

package/dist/src/scripts/skill-scanner/types.d.ts

@@ -138,5 +138,55 @@ export interface JsonOutput {
         safe: string;
     };
 }
+/**
+ * SMI-4396: Allowlist entry for per-skill, per-finding-type exemptions.
+ *
+ * Entries are loaded from data/skills-security-allowlist.json. Each entry
+ * exempts a specific (skillId, findingType, messagePattern) triple from
+ * triggering quarantine. Genuine new attacks on an allowlisted skill still
+ * quarantine because the match is per-finding, not per-skill.
+ */
+export interface AllowlistEntry {
+    /** Exact skill identifier (no wildcards). Must match SecurityFinding context. */
+    skillId: string;
+    /** Finding type to exempt (must match SecurityFinding.type). */
+    findingType: string;
+    /**
+     * Which field of the finding the pattern matches against.
+     * - `message` (default): the finding's human-readable message string
+     * - `location`: the raw line / location where the finding occurred (use for
+     *   matching raw UTF-8 bytes like CJK full-width spaces that don't survive
+     *   escape-sequence round-tripping through finding.message)
+     */
+    matchField?: 'message' | 'location';
+    /** Regex pattern (ReDoS-validated at load time). */
+    messagePattern: string;
+    /** Human-readable justification (required). */
+    reason: string;
+    /** GitHub username or team who reviewed the entry (required). */
+    reviewedBy: string;
+    /** YYYY-MM-DD when the entry was reviewed. */
+    reviewedAt: string;
+    /** YYYY-MM-DD after which the entry stops applying (fail-safe toward quarantine). */
+    expiresAt: string;
+}
+/**
+ * SMI-4396: Root shape of data/skills-security-allowlist.json.
+ */
+export interface AllowlistFile {
+    version: number;
+    generatedAt: string;
+    allowlist: AllowlistEntry[];
+}
+/**
+ * SMI-4396: Matcher interface consumed by shouldQuarantine and scanSkill.
+ *
+ * An empty matcher (no entries loaded) returns false for every check — callers
+ * can always pass one regardless of whether allowlist data exists, keeping the
+ * quarantine path backward-compatible.
+ */
+export interface AllowlistMatcher {
+    isAllowed(skillId: string, finding: SecurityFinding, today?: Date): boolean;
+}
 export type { ScanReport, SecurityFinding, SecuritySeverity };
 //# sourceMappingURL=types.d.ts.map

package/dist/src/scripts/skill-scanner/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/scripts/skill-scanner/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAE5F;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,IAAI,CAAC,EAAE,MAAM,EAAE,CAAA;IACf,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CACnC;AAED;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAA;AAErE;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAA;IACf,SAAS,EAAE,MAAM,CAAA;IACjB,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,UAAU,CAAA;IACtB,gBAAgB,EAAE,gBAAgB,CAAA;IAClC,aAAa,EAAE,OAAO,CAAA;IACtB,aAAa,EAAE,MAAM,CAAA;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;IACjB,OAAO,EAAE;QACP,YAAY,EAAE,MAAM,CAAA;QACpB,MAAM,EAAE,MAAM,CAAA;QACd,WAAW,EAAE,MAAM,CAAA;QACnB,UAAU,EAAE,MAAM,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAA;QAC5C,gBAAgB,EAAE,MAAM,CAAA;QACxB,YAAY,EAAE,MAAM,CAAA;KACrB,CAAA;IACD,OAAO,EAAE,eAAe,EAAE,CAAA;IAC1B,WAAW,EAAE,KAAK,CAAC;QACjB,IAAI,EAAE,MAAM,CAAA;QACZ,KAAK,EAAE,MAAM,CAAA;QACb,QAAQ,EAAE,gBAAgB,CAAA;KAC3B,CAAC,CAAA;CACH;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,WAAW,EAAE,MAAM,CAAA;IACnB,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,EAAE,KAAK,CAAC;QACZ,OAAO,EAAE,MAAM,CAAA;QACf,SAAS,EAAE,MAAM,CAAA;QACjB,MAAM,EAAE,MAAM,CAAA;QACd,SAAS,EAAE,MAAM,CAAA;QACjB,gBAAgB,EAAE,gBAAgB,CAAA;QAClC,WAAW,EAAE,MAAM,EAAE,CAAA;KACtB,CAAC,CAAA;CACH;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,WAAW,EAAE,MAAM,CAAA;IACnB,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,EAAE,KAAK,CAAC;QACZ,OAAO,EAAE,MAAM,CAAA;QACf,SAAS,EAAE,MAAM,CAAA;QACjB,MAAM,EAAE,MAAM,CAAA;QACd,MAAM,EAAE,MAAM,CAAA;QACd,SAAS,EAAE,MAAM,CAAA;KAClB,CAAC,CAAA;CACH;AAED;;GAEG;AACH,MAAM,WAAW,kBAAmB,SAAQ,eAAe;IACzD,OAAO,EAAE,MAAM,CAAA;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,qDAAqD;IACrD,IAAI,EAAE,OAAO,CAAA;IACb,0BAA0B;IAC1B,OAAO,EAAE,OAAO,CAAA;IAChB,kCAAkC;IAClC,KAAK,EAAE,OAAO,CAAA;IACd,sBAAsB;IACtB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,OAAO,CAAA;IAChB,OAAO,EAAE;QACP,YAAY,EAAE,MAAM,CAAA;QACpB,MAAM,EAAE,MAAM,CAAA;QACd,WAAW,EAAE,MAAM,CAAA;QACnB,UAAU,EAAE,MAAM,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAA;QAC5C,gBAAgB,EAAE,MAAM,CAAA;QACxB,YAAY,EAAE,MAAM,CAAA;QACpB,QAAQ,EAAE,MAAM,CAAA;QAChB,eAAe,EAAE,MAAM,CAAA;KACxB,CAAA;IACD,WAAW,EAAE,KAAK,CAAC;QACjB,OAAO,EAAE,MAAM,CAAA;QACf,SAAS,EAAE,MAAM,CAAA;QACjB,QAAQ,EAAE,gBAAgB,CAAA;QAC1B,UAAU,EAAE,MAAM,CAAA;KACnB,CAAC,CAAA;IACF,IAAI,EAAE,KAAK,CAAC;QACV,OAAO,EAAE,MAAM,CAAA;QACf,SAAS,EAAE,MAAM,CAAA;KAClB,CAAC,CAAA;IACF,WAAW,EAAE;QACX,MAAM,EAAE,MAAM,CAAA;QACd,UAAU,EAAE,MAAM,CAAA;QAClB,IAAI,EAAE,MAAM,CAAA;KACb,CAAA;CACF;AAGD,YAAY,EAAE,UAAU,EAAE,eAAe,EAAE,gBAAgB,EAAE,CAAA"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/scripts/skill-scanner/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAE5F;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,IAAI,CAAC,EAAE,MAAM,EAAE,CAAA;IACf,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CACnC;AAED;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAA;AAErE;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAA;IACf,SAAS,EAAE,MAAM,CAAA;IACjB,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,UAAU,CAAA;IACtB,gBAAgB,EAAE,gBAAgB,CAAA;IAClC,aAAa,EAAE,OAAO,CAAA;IACtB,aAAa,EAAE,MAAM,CAAA;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;IACjB,OAAO,EAAE;QACP,YAAY,EAAE,MAAM,CAAA;QACpB,MAAM,EAAE,MAAM,CAAA;QACd,WAAW,EAAE,MAAM,CAAA;QACnB,UAAU,EAAE,MAAM,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAA;QAC5C,gBAAgB,EAAE,MAAM,CAAA;QACxB,YAAY,EAAE,MAAM,CAAA;KACrB,CAAA;IACD,OAAO,EAAE,eAAe,EAAE,CAAA;IAC1B,WAAW,EAAE,KAAK,CAAC;QACjB,IAAI,EAAE,MAAM,CAAA;QACZ,KAAK,EAAE,MAAM,CAAA;QACb,QAAQ,EAAE,gBAAgB,CAAA;KAC3B,CAAC,CAAA;CACH;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,WAAW,EAAE,MAAM,CAAA;IACnB,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,EAAE,KAAK,CAAC;QACZ,OAAO,EAAE,MAAM,CAAA;QACf,SAAS,EAAE,MAAM,CAAA;QACjB,MAAM,EAAE,MAAM,CAAA;QACd,SAAS,EAAE,MAAM,CAAA;QACjB,gBAAgB,EAAE,gBAAgB,CAAA;QAClC,WAAW,EAAE,MAAM,EAAE,CAAA;KACtB,CAAC,CAAA;CACH;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,WAAW,EAAE,MAAM,CAAA;IACnB,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,EAAE,KAAK,CAAC;QACZ,OAAO,EAAE,MAAM,CAAA;QACf,SAAS,EAAE,MAAM,CAAA;QACjB,MAAM,EAAE,MAAM,CAAA;QACd,MAAM,EAAE,MAAM,CAAA;QACd,SAAS,EAAE,MAAM,CAAA;KAClB,CAAC,CAAA;CACH;AAED;;GAEG;AACH,MAAM,WAAW,kBAAmB,SAAQ,eAAe;IACzD,OAAO,EAAE,MAAM,CAAA;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,qDAAqD;IACrD,IAAI,EAAE,OAAO,CAAA;IACb,0BAA0B;IAC1B,OAAO,EAAE,OAAO,CAAA;IAChB,kCAAkC;IAClC,KAAK,EAAE,OAAO,CAAA;IACd,sBAAsB;IACtB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,OAAO,CAAA;IAChB,OAAO,EAAE;QACP,YAAY,EAAE,MAAM,CAAA;QACpB,MAAM,EAAE,MAAM,CAAA;QACd,WAAW,EAAE,MAAM,CAAA;QACnB,UAAU,EAAE,MAAM,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAA;QAC5C,gBAAgB,EAAE,MAAM,CAAA;QACxB,YAAY,EAAE,MAAM,CAAA;QACpB,QAAQ,EAAE,MAAM,CAAA;QAChB,eAAe,EAAE,MAAM,CAAA;KACxB,CAAA;IACD,WAAW,EAAE,KAAK,CAAC;QACjB,OAAO,EAAE,MAAM,CAAA;QACf,SAAS,EAAE,MAAM,CAAA;QACjB,QAAQ,EAAE,gBAAgB,CAAA;QAC1B,UAAU,EAAE,MAAM,CAAA;KACnB,CAAC,CAAA;IACF,IAAI,EAAE,KAAK,CAAC;QACV,OAAO,EAAE,MAAM,CAAA;QACf,SAAS,EAAE,MAAM,CAAA;KAClB,CAAC,CAAA;IACF,WAAW,EAAE;QACX,MAAM,EAAE,MAAM,CAAA;QACd,UAAU,EAAE,MAAM,CAAA;QAClB,IAAI,EAAE,MAAM,CAAA;KACb,CAAA;CACF;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,cAAc;IAC7B,iFAAiF;IACjF,OAAO,EAAE,MAAM,CAAA;IACf,gEAAgE;IAChE,WAAW,EAAE,MAAM,CAAA;IACnB;;;;;;OAMG;IACH,UAAU,CAAC,EAAE,SAAS,GAAG,UAAU,CAAA;IACnC,oDAAoD;IACpD,cAAc,EAAE,MAAM,CAAA;IACtB,+CAA+C;IAC/C,MAAM,EAAE,MAAM,CAAA;IACd,iEAAiE;IACjE,UAAU,EAAE,MAAM,CAAA;IAClB,8CAA8C;IAC9C,UAAU,EAAE,MAAM,CAAA;IAClB,qFAAqF;IACrF,SAAS,EAAE,MAAM,CAAA;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAA;IACf,WAAW,EAAE,MAAM,CAAA;IACnB,SAAS,EAAE,cAAc,EAAE,CAAA;CAC5B;AAED;;;;;;GAMG;AACH,MAAM,WAAW,gBAAgB;IAC/B,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,KAAK,CAAC,EAAE,IAAI,GAAG,OAAO,CAAA;CAC5E;AAGD,YAAY,EAAE,UAAU,EAAE,eAAe,EAAE,gBAAgB,EAAE,CAAA"}

package/dist/src/scripts/validation/types.d.ts

@@ -103,7 +103,12 @@ export interface DuplicatesReport {
     };
     duplicates: DuplicateEntry[];
 }
-export declare const TrustTierSchema: z.ZodEnum<["verified", "community", "experimental", "unknown"]>;
+export declare const TrustTierSchema: z.ZodEnum<{
+    verified: "verified";
+    community: "community";
+    experimental: "experimental";
+    unknown: "unknown";
+}>;
 export declare const ValidatedSkillSchema: z.ZodObject<{
     id: z.ZodString;
     name: z.ZodString;
@@ -111,28 +116,13 @@ export declare const ValidatedSkillSchema: z.ZodObject<{
     author: z.ZodString;
     repo_url: z.ZodNullable<z.ZodString>;
     quality_score: z.ZodNumber;
-    trust_tier: z.ZodEnum<["verified", "community", "experimental", "unknown"]>;
-    tags: z.ZodArray<z.ZodString, "many">;
+    trust_tier: z.ZodEnum<{
+        verified: "verified";
+        community: "community";
+        experimental: "experimental";
+        unknown: "unknown";
+    }>;
+    tags: z.ZodArray<z.ZodString>;
     source: z.ZodString;
-}, "strip", z.ZodTypeAny, {
-    source: string;
-    id: string;
-    name: string;
-    description: string;
-    author: string;
-    tags: string[];
-    repo_url: string | null;
-    quality_score: number;
-    trust_tier: "verified" | "community" | "experimental" | "unknown";
-}, {
-    source: string;
-    id: string;
-    name: string;
-    description: string;
-    author: string;
-    tags: string[];
-    repo_url: string | null;
-    quality_score: number;
-    trust_tier: "verified" | "community" | "experimental" | "unknown";
-}>;
+}, z.core.$strip>;
 //# sourceMappingURL=types.d.ts.map

package/dist/src/scripts/validation/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/scripts/validation/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAMvB,eAAO,MAAM,MAAM;IACjB,8BAA8B;;IAE9B,+BAA+B;;IAE/B,4DAA4D;;IAE5D,6BAA6B;8BAMxB,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAC3B,wBAAwB;;CAEhB,CAAA;AAMV,MAAM,MAAM,SAAS,GAAG,CAAC,OAAO,MAAM,CAAC,iBAAiB,CAAC,CAAC,MAAM,CAAC,CAAA;AAEjE,8DAA8D;AAC9D,MAAM,WAAW,aAAa;IAC5B,EAAE,CAAC,EAAE,MAAM,CAAA;IACX,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC3B,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACtB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC7B,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAA;IACf,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB;AAED,+CAA+C;AAC/C,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,WAAW,EAAE,MAAM,CAAA;IACnB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,aAAa,EAAE,MAAM,CAAA;IACrB,UAAU,EAAE,SAAS,CAAA;IACrB,IAAI,EAAE,MAAM,EAAE,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;CACf;AAED,0CAA0C;AAC1C,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,MAAM,CAAA;IACf,KAAK,CAAC,EAAE,OAAO,CAAA;CAChB;AAED,0CAA0C;AAC1C,MAAM,WAAW,qBAAqB;IACpC,KAAK,EAAE,OAAO,CAAA;IACd,KAAK,EAAE,cAAc,GAAG,IAAI,CAAA;IAC5B,QAAQ,EAAE,aAAa,CAAA;IACvB,MAAM,EAAE,oBAAoB,EAAE,CAAA;IAC9B,QAAQ,EAAE,MAAM,EAAE,CAAA;IAClB,KAAK,EAAE,MAAM,EAAE,CAAA;CAChB;AAED,iCAAiC;AACjC,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,cAAc,CAAA;IACpB,SAAS,EAAE,cAAc,CAAA;IACzB,MAAM,EAAE,UAAU,GAAG,qBAAqB,CAAA;IAC1C,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB;AAED,gCAAgC;AAChC,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,MAAM,CAAA;IACjB,OAAO,EAAE;QACP,WAAW,EAAE,MAAM,CAAA;QACnB,YAAY,EAAE,MAAM,CAAA;QACpB,cAAc,EAAE,MAAM,CAAA;QACtB,kBAAkB,EAAE,MAAM,CAAA;QAC1B,kBAAkB,EAAE,MAAM,CAAA;QAC1B,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KACxC,CAAA;IACD,MAAM,EAAE,KAAK,CAAC;QACZ,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;QAC5B,UAAU,EAAE,MAAM,GAAG,SAAS,CAAA;QAC9B,MAAM,EAAE,oBAAoB,EAAE,CAAA;KAC/B,CAAC,CAAA;IACF,QAAQ,EAAE,KAAK,CAAC;QACd,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;QAC5B,UAAU,EAAE,MAAM,GAAG,SAAS,CAAA;QAC9B,QAAQ,EAAE,MAAM,EAAE,CAAA;KACnB,CAAC,CAAA;IACF,KAAK,EAAE,KAAK,CAAC;QACX,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;QAC5B,UAAU,EAAE,MAAM,GAAG,SAAS,CAAA;QAC9B,KAAK,EAAE,MAAM,EAAE,CAAA;KAChB,CAAC,CAAA;CACH;AAED,wBAAwB;AACxB,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,MAAM,CAAA;IACjB,OAAO,EAAE;QACP,gBAAgB,EAAE,MAAM,CAAA;QACxB,WAAW,EAAE,MAAM,CAAA;QACnB,sBAAsB,EAAE,MAAM,CAAA;KAC/B,CAAA;IACD,UAAU,EAAE,cAAc,EAAE,CAAA;CAC7B;AAMD,eAAO,MAAM,eAAe,iEAAmC,CAAA;AAE/D,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAa/B,CAAA"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/scripts/validation/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAMvB,eAAO,MAAM,MAAM;IACjB,8BAA8B;;IAE9B,+BAA+B;;IAE/B,4DAA4D;;IAE5D,6BAA6B;8BAMxB,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAC3B,wBAAwB;;CAEhB,CAAA;AAMV,MAAM,MAAM,SAAS,GAAG,CAAC,OAAO,MAAM,CAAC,iBAAiB,CAAC,CAAC,MAAM,CAAC,CAAA;AAEjE,8DAA8D;AAC9D,MAAM,WAAW,aAAa;IAC5B,EAAE,CAAC,EAAE,MAAM,CAAA;IACX,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC3B,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACtB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC7B,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAA;IACf,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB;AAED,+CAA+C;AAC/C,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,WAAW,EAAE,MAAM,CAAA;IACnB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,aAAa,EAAE,MAAM,CAAA;IACrB,UAAU,EAAE,SAAS,CAAA;IACrB,IAAI,EAAE,MAAM,EAAE,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;CACf;AAED,0CAA0C;AAC1C,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,MAAM,CAAA;IACf,KAAK,CAAC,EAAE,OAAO,CAAA;CAChB;AAED,0CAA0C;AAC1C,MAAM,WAAW,qBAAqB;IACpC,KAAK,EAAE,OAAO,CAAA;IACd,KAAK,EAAE,cAAc,GAAG,IAAI,CAAA;IAC5B,QAAQ,EAAE,aAAa,CAAA;IACvB,MAAM,EAAE,oBAAoB,EAAE,CAAA;IAC9B,QAAQ,EAAE,MAAM,EAAE,CAAA;IAClB,KAAK,EAAE,MAAM,EAAE,CAAA;CAChB;AAED,iCAAiC;AACjC,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,cAAc,CAAA;IACpB,SAAS,EAAE,cAAc,CAAA;IACzB,MAAM,EAAE,UAAU,GAAG,qBAAqB,CAAA;IAC1C,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB;AAED,gCAAgC;AAChC,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,MAAM,CAAA;IACjB,OAAO,EAAE;QACP,WAAW,EAAE,MAAM,CAAA;QACnB,YAAY,EAAE,MAAM,CAAA;QACpB,cAAc,EAAE,MAAM,CAAA;QACtB,kBAAkB,EAAE,MAAM,CAAA;QAC1B,kBAAkB,EAAE,MAAM,CAAA;QAC1B,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KACxC,CAAA;IACD,MAAM,EAAE,KAAK,CAAC;QACZ,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;QAC5B,UAAU,EAAE,MAAM,GAAG,SAAS,CAAA;QAC9B,MAAM,EAAE,oBAAoB,EAAE,CAAA;KAC/B,CAAC,CAAA;IACF,QAAQ,EAAE,KAAK,CAAC;QACd,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;QAC5B,UAAU,EAAE,MAAM,GAAG,SAAS,CAAA;QAC9B,QAAQ,EAAE,MAAM,EAAE,CAAA;KACnB,CAAC,CAAA;IACF,KAAK,EAAE,KAAK,CAAC;QACX,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;QAC5B,UAAU,EAAE,MAAM,GAAG,SAAS,CAAA;QAC9B,KAAK,EAAE,MAAM,EAAE,CAAA;KAChB,CAAC,CAAA;CACH;AAED,wBAAwB;AACxB,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,MAAM,CAAA;IACjB,OAAO,EAAE;QACP,gBAAgB,EAAE,MAAM,CAAA;QACxB,WAAW,EAAE,MAAM,CAAA;QACnB,sBAAsB,EAAE,MAAM,CAAA;KAC/B,CAAA;IACD,UAAU,EAAE,cAAc,EAAE,CAAA;CAC7B;AAMD,eAAO,MAAM,eAAe;;;;;EAAmC,CAAA;AAE/D,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;iBAa/B,CAAA"}

package/dist/src/security/scanner/SecurityScanner.helpers.d.ts

@@ -12,6 +12,14 @@ export interface LineContext {
     inTable: boolean;
     isIndentedCode: boolean;
     isInlineCode: boolean;
+    /**
+     * SMI-4396 Wave 2: line falls within a YAML frontmatter block
+     * (between opening `---` at file start and the next `---`). SKILL.md
+     * authors legitimately include domain keywords (`password`, `secrets`,
+     * `privilege escalation`) in `description:` fields — findings in
+     * this context are documentation, not code.
+     */
+    inFrontmatter: boolean;
 }
 /**
  * SMI-1532: Check if a regex pattern requires multi-line matching
@@ -22,6 +30,12 @@ export declare function isMultilinePattern(pattern: RegExp): boolean;
 /**
  * Analyze markdown content and return context for each line
  * Used to reduce false positives in documentation/examples
+ *
+ * SMI-4396 Wave 2: tracks YAML frontmatter context (the `---`-fenced block
+ * at the top of a SKILL.md). Opening `---` must be at line 0 (ignoring
+ * leading blank lines); closing `---` ends the block. Lines within are
+ * marked inFrontmatter=true so their keyword matches downgrade to
+ * documentation severity.
  */
 export declare function analyzeMarkdownContext(content: string): LineContext[];
 /**
@@ -29,6 +43,10 @@ export declare function analyzeMarkdownContext(content: string): LineContext[];
  * Note: isInlineCode is intentionally excluded — it marks the entire line,
  * but only specific match positions within backtick spans should reduce severity.
  * Use isWithinInlineCode() for per-span granularity (SMI-3521).
+ *
+ * SMI-4396 Wave 2: inFrontmatter also counts as documentation context.
+ * SKILL.md authors legitimately include domain keywords in description:
+ * fields (1Password integrations, security-research skills, etc.).
  */
 export declare function isDocumentationContext(ctx: LineContext): boolean;
 /**

package/dist/src/security/scanner/SecurityScanner.helpers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"SecurityScanner.helpers.d.ts","sourceRoot":"","sources":["../../../../src/security/scanner/SecurityScanner.helpers.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EACV,eAAe,EACf,mBAAmB,EACnB,kBAAkB,EAElB,gBAAgB,EACjB,MAAM,YAAY,CAAA;AAQnB;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAA;IAClB,WAAW,EAAE,OAAO,CAAA;IACpB,OAAO,EAAE,OAAO,CAAA;IAChB,cAAc,EAAE,OAAO,CAAA;IACvB,YAAY,EAAE,OAAO,CAAA;CACtB;AAMD;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAK3D;AAMD;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,WAAW,EAAE,CAqCrE;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,WAAW,GAAG,OAAO,CAEhE;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAW5E;AAMD,UAAU,mBAAmB;IAC3B,IAAI,EAAE,mBAAmB,CAAA;IACzB,aAAa,EAAE,MAAM,CAAA;IACrB,QAAQ,EAAE,MAAM,EAAE,CAAA;IAClB,mDAAmD;IACnD,UAAU,EAAE,CAAC,gBAAgB,EAAE,gBAAgB,CAAC,CAAA;CACjD;AAED;;;GAGG;AACH,wBAAgB,gCAAgC,CAC9C,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,mBAAmB,EAC3B,YAAY,CAAC,EAAE,WAAW,EAAE,GAC3B,eAAe,EAAE,CAoEnB;AAMD;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,eAAe,EAAE,GAAG;IAC/D,KAAK,EAAE,MAAM,CAAA;IACb,SAAS,EAAE,kBAAkB,CAAA;CAC9B,CA+FA"}
+{"version":3,"file":"SecurityScanner.helpers.d.ts","sourceRoot":"","sources":["../../../../src/security/scanner/SecurityScanner.helpers.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EACV,eAAe,EACf,mBAAmB,EACnB,kBAAkB,EAElB,gBAAgB,EACjB,MAAM,YAAY,CAAA;AAQnB;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAA;IAClB,WAAW,EAAE,OAAO,CAAA;IACpB,OAAO,EAAE,OAAO,CAAA;IAChB,cAAc,EAAE,OAAO,CAAA;IACvB,YAAY,EAAE,OAAO,CAAA;IACrB;;;;;;OAMG;IACH,aAAa,EAAE,OAAO,CAAA;CACvB;AAMD;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAK3D;AAMD;;;;;;;;;GASG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,WAAW,EAAE,CA0ErE;AAED;;;;;;;;;GASG;AACH,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,WAAW,GAAG,OAAO,CAEhE;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAW5E;AAMD,UAAU,mBAAmB;IAC3B,IAAI,EAAE,mBAAmB,CAAA;IACzB,aAAa,EAAE,MAAM,CAAA;IACrB,QAAQ,EAAE,MAAM,EAAE,CAAA;IAClB,mDAAmD;IACnD,UAAU,EAAE,CAAC,gBAAgB,EAAE,gBAAgB,CAAC,CAAA;CACjD;AAED;;;GAGG;AACH,wBAAgB,gCAAgC,CAC9C,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,mBAAmB,EAC3B,YAAY,CAAC,EAAE,WAAW,EAAE,GAC3B,eAAe,EAAE,CAoEnB;AAMD;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,eAAe,EAAE,GAAG;IAC/D,KAAK,EAAE,MAAM,CAAA;IACb,SAAS,EAAE,kBAAkB,CAAA;CAC9B,CA+FA"}

package/dist/src/security/scanner/SecurityScanner.helpers.js

@@ -22,35 +22,79 @@ export function isMultilinePattern(pattern) {
 /**
  * Analyze markdown content and return context for each line
  * Used to reduce false positives in documentation/examples
+ *
+ * SMI-4396 Wave 2: tracks YAML frontmatter context (the `---`-fenced block
+ * at the top of a SKILL.md). Opening `---` must be at line 0 (ignoring
+ * leading blank lines); closing `---` ends the block. Lines within are
+ * marked inFrontmatter=true so their keyword matches downgrade to
+ * documentation severity.
  */
 export function analyzeMarkdownContext(content) {
     const lines = content.split('\n');
     const contexts = [];
     let inFencedCodeBlock = false;
+    // SMI-4396 Wave 2: frontmatter state machine
+    // frontmatterState: 'pending' (before any non-blank line), 'open' (inside), 'closed' (after second fence).
+    let frontmatterState = 'pending';
+    let frontmatterOpenedAtLine = -1;
     for (let i = 0; i < lines.length; i++) {
         const line = lines[i];
         const trimmedLine = line.trim();
-        // Check for fenced code block boundaries (``` or ~~~)
-        if (/^(`{3,}|~{3,})/.test(trimmedLine)) {
+        // SMI-4396 Wave 2: detect opening/closing frontmatter fence.
+        // Opening must be at file start (only blank lines precede); closing is
+        // the next `---` on its own line after the opening.
+        let lineInFrontmatter = false;
+        if (trimmedLine === '---') {
+            if (frontmatterState === 'pending') {
+                // Opening fence: only valid if no content lines have preceded.
+                frontmatterState = 'open';
+                frontmatterOpenedAtLine = i;
+                lineInFrontmatter = true; // the fence itself is part of frontmatter
+            }
+            else if (frontmatterState === 'open') {
+                frontmatterState = 'closed';
+                lineInFrontmatter = true; // the closing fence too
+            }
+        }
+        else if (frontmatterState === 'pending' && trimmedLine.length > 0) {
+            // First non-blank non-fence line: frontmatter never opened. Abort the pending state.
+            frontmatterState = 'closed';
+        }
+        else if (frontmatterState === 'open') {
+            lineInFrontmatter = true;
+        }
+        // Check for fenced code block boundaries (``` or ~~~). Frontmatter lines
+        // never participate — YAML is not markdown code fences.
+        if (!lineInFrontmatter && /^(`{3,}|~{3,})/.test(trimmedLine)) {
             inFencedCodeBlock = !inFencedCodeBlock;
         }
         // Check for table row (starts with |)
-        const inTable = trimmedLine.startsWith('|');
+        const inTable = !lineInFrontmatter && trimmedLine.startsWith('|');
         // Check for indented code block (4+ spaces or tab at start, not in list)
-        const isIndentedCode = /^( {4,}|\t)/.test(line) &&
+        const isIndentedCode = !lineInFrontmatter &&
+            /^( {4,}|\t)/.test(line) &&
             !inFencedCodeBlock &&
             !trimmedLine.startsWith('-') &&
             !trimmedLine.startsWith('*');
         // Check for inline code (content between backticks on same line)
-        const isInlineCode = /`[^`]+`/.test(line) && !inFencedCodeBlock;
+        const isInlineCode = !lineInFrontmatter && /`[^`]+`/.test(line) && !inFencedCodeBlock;
         contexts.push({
             lineNumber: i + 1,
             inCodeBlock: inFencedCodeBlock,
             inTable,
             isIndentedCode,
             isInlineCode,
+            inFrontmatter: lineInFrontmatter,
         });
     }
+    // If we opened frontmatter but never closed it, unwind — do NOT mark the
+    // whole file as frontmatter. This is defensive against malformed files
+    // where a bare `---` sneaks in without a close.
+    if (frontmatterState === 'open' && frontmatterOpenedAtLine >= 0) {
+        for (let i = frontmatterOpenedAtLine; i < contexts.length; i++) {
+            contexts[i].inFrontmatter = false;
+        }
+    }
     return contexts;
 }
 /**
@@ -58,9 +102,13 @@ export function analyzeMarkdownContext(content) {
  * Note: isInlineCode is intentionally excluded — it marks the entire line,
  * but only specific match positions within backtick spans should reduce severity.
  * Use isWithinInlineCode() for per-span granularity (SMI-3521).
+ *
+ * SMI-4396 Wave 2: inFrontmatter also counts as documentation context.
+ * SKILL.md authors legitimately include domain keywords in description:
+ * fields (1Password integrations, security-research skills, etc.).
  */
 export function isDocumentationContext(ctx) {
-    return ctx.inCodeBlock || ctx.inTable || ctx.isIndentedCode;
+    return ctx.inCodeBlock || ctx.inTable || ctx.isIndentedCode || ctx.inFrontmatter;
 }
 /**
  * SMI-3521: Check if a match position falls within an inline code span (backtick-delimited).

package/dist/src/security/scanner/SecurityScanner.helpers.js.map

@@ -1 +1 @@
-{"version":3,"file":"SecurityScanner.helpers.js","sourceRoot":"","sources":["../../../../src/security/scanner/SecurityScanner.helpers.ts"],"names":[],"mappings":"AAAA;;;GAGG;AASH,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAA;AACjE,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAA;AAiBhD,+EAA+E;AAC/E,kBAAkB;AAClB,+EAA+E;AAE/E;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAe;IAChD,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAA;IACjC,OAAO,CACL,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,WAAW,CAAC,CAC/F,CAAA;AACH,CAAC;AAED,+EAA+E;AAC/E,4BAA4B;AAC5B,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAe;IACpD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,QAAQ,GAAkB,EAAE,CAAA;IAClC,IAAI,iBAAiB,GAAG,KAAK,CAAA;IAE7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QACrB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE,CAAA;QAE/B,sDAAsD;QACtD,IAAI,gBAAgB,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YACvC,iBAAiB,GAAG,CAAC,iBAAiB,CAAA;QACxC,CAAC;QAED,sCAAsC;QACtC,MAAM,OAAO,GAAG,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;QAE3C,yEAAyE;QACzE,MAAM,cAAc,GAClB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;YACxB,CAAC,iBAAiB;YAClB,CAAC,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC;YAC5B,CAAC,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;QAE9B,iEAAiE;QACjE,MAAM,YAAY,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAA;QAE/D,QAAQ,CAAC,IAAI,CAAC;YACZ,UAAU,EAAE,CAAC,GAAG,CAAC;YACjB,WAAW,EAAE,iBAAiB;YAC9B,OAAO;YACP,cAAc;YACd,YAAY;SACb,CAAC,CAAA;IACJ,CAAC;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CAAC,GAAgB;IACrD,OAAO,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,cAAc,CAAA;AAC7D,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAY,EAAE,UAAkB;IACjE,MAAM,aAAa,GAAG,YAAY,CAAA;IAClC,IAAI,KAAK,CAAA;IACT,OAAO,CAAC,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACnD,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAA;QAC7B,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAA;QAC7C,IAAI,UAAU,IAAI,SAAS,IAAI,UAAU,GAAG,OAAO,EAAE,CAAC;YACpD,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAcD;;;GAGG;AACH,MAAM,UAAU,gCAAgC,CAC9C,OAAe,EACf,MAA2B,EAC3B,YAA4B;IAE5B,MAAM,QAAQ,GAAsB,EAAE,CAAA;IACtC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,QAAQ,GAAG,YAAY,IAAI,sBAAsB,CAAC,OAAO,CAAC,CAAA;IAChE,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAA;IAEtC,uDAAuD;IACvD,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACtC,IAAI,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC;YAChC,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;YAC7C,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA;gBAC5C,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAA;gBAClE,MAAM,GAAG,GAAG,QAAQ,CAAC,UAAU,GAAG,CAAC,CAAC,CAAA;gBACpC,MAAM,SAAS,GAAG,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,IAAI,EAAE,CAAA;gBAC7C,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,EAAE,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,CAAA;gBAChE,MAAM,QAAQ,GAAG,UAAU,GAAG,UAAU,CAAA;gBACxC,MAAM,YAAY,GAAG,GAAG,EAAE,YAAY,IAAI,kBAAkB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAA;gBACjF,MAAM,YAAY,GAAG,GAAG,CAAC,CAAC,CAAC,sBAAsB,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,CAAC,CAAC,KAAK,CAAA;gBAC9E,MAAM,UAAU,GAAsB,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAA;gBACnE,MAAM,QAAQ,GAAG,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;gBAC3E,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;gBAEvC,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,QAAQ;oBACR,OAAO,EAAE,GAAG,MAAM,CAAC,aAAa,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG;oBACtF,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBACvC,UAAU;oBACV,QAAQ,EAAE,MAAM,CAAC,IAAI;oBACrB,sBAAsB,EAAE,YAAY;oBACpC,UAAU;iBACX,CAAC,CAAA;gBACF,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;YAC9B,CAAC;QACH,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,IAAI,YAAY,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,CAAC;YAAE,OAAM;QACvC,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAA;QAE3B,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACtC,IAAI,kBAAkB,CAAC,OAAO,CAAC;gBAAE,SAAQ;YACzC,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;YAC1C,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,YAAY,GAAG,GAAG,EAAE,YAAY,IAAI,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC,CAAA;gBACpF,MAAM,YAAY,GAAG,GAAG,CAAC,CAAC,CAAC,sBAAsB,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,CAAC,CAAC,KAAK,CAAA;gBAC9E,MAAM,UAAU,GAAsB,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAA;gBACnE,MAAM,QAAQ,GAAG,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;gBAE3E,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,QAAQ;oBACR,OAAO,EAAE,GAAG,MAAM,CAAC,aAAa,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG;oBAClG,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBACnC,UAAU,EAAE,KAAK,GAAG,CAAC;oBACrB,QAAQ,EAAE,MAAM,CAAC,IAAI;oBACrB,sBAAsB,EAAE,YAAY;oBACpC,UAAU;iBACX,CAAC,CAAA;gBACF,MAAK;YACP,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E;AAE/E;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAA2B;IAI5D,MAAM,SAAS,GAAuB;QACpC,SAAS,EAAE,CAAC;QACZ,iBAAiB,EAAE,CAAC;QACpB,aAAa,EAAE,CAAC;QAChB,gBAAgB,EAAE,CAAC;QACnB,mBAAmB,EAAE,CAAC;QACtB,cAAc,EAAE,CAAC;QACjB,cAAc,EAAE,CAAC;QACjB,YAAY,EAAE,CAAC;QACf,SAAS,EAAE,CAAC;QACZ,IAAI,EAAE,CAAC;QACP,GAAG,EAAE,CAAC;KACP,CAAA;IAED,MAAM,iBAAiB,GAAsC;QAC3D,IAAI,EAAE,GAAG;QACT,MAAM,EAAE,GAAG;QACX,GAAG,EAAE,GAAG;KACT,CAAA;IAED,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,cAAc,GAAG,gBAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;QACzD,MAAM,cAAc,GAAG,gBAAgB,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,GAAG,CAAA;QAC5D,MAAM,gBAAgB,GAAG,iBAAiB,CAAC,OAAO,CAAC,UAAU,IAAI,MAAM,CAAC,CAAA;QACxE,MAAM,KAAK,GAAG,cAAc,GAAG,cAAc,GAAG,gBAAgB,CAAA;QAEhE,QAAQ,OAAO,CAAC,IAAI,EAAE,CAAC;YACrB,KAAK,WAAW;gBACd,SAAS,CAAC,SAAS,IAAI,KAAK,CAAA;gBAC5B,MAAK;YACP,KAAK,oBAAoB;gBACvB,SAAS,CAAC,iBAAiB,IAAI,KAAK,CAAA;gBACpC,MAAK;YACP,KAAK,gBAAgB;gBACnB,SAAS,CAAC,aAAa,IAAI,KAAK,CAAA;gBAChC,MAAK;YACP,KAAK,mBAAmB;gBACtB,SAAS,CAAC,gBAAgB,IAAI,KAAK,CAAA;gBACnC,MAAK;YACP,KAAK,sBAAsB;gBACzB,SAAS,CAAC,mBAAmB,IAAI,KAAK,CAAA;gBACtC,MAAK;YACP,KAAK,oBAAoB;gBACvB,SAAS,CAAC,cAAc,IAAI,KAAK,CAAA;gBACjC,MAAK;YACP,KAAK,gBAAgB;gBACnB,SAAS,CAAC,cAAc,IAAI,KAAK,CAAA;gBACjC,MAAK;YACP,KAAK,KAAK;gBACR,SAAS,CAAC,YAAY,IAAI,KAAK,CAAA;gBAC/B,MAAK;YACP,KAAK,YAAY;gBACf,SAAS,CAAC,SAAS,IAAI,KAAK,CAAA;gBAC5B,MAAK;YACP,KAAK,MAAM;gBACT,SAAS,CAAC,IAAI,IAAI,KAAK,CAAA;gBACvB,MAAK;YACP,KAAK,KAAK;gBACR,SAAS,CAAC,GAAG,IAAI,KAAK,CAAA;gBACtB,MAAK;QACT,CAAC;IACH,CAAC;IAED,2BAA2B;IAC3B,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,SAAS,CAAC,CAAA;IACxD,SAAS,CAAC,iBAAiB,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,iBAAiB,CAAC,CAAA;IACxE,SAAS,CAAC,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,aAAa,CAAC,CAAA;IAChE,SAAS,CAAC,gBAAgB,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,gBAAgB,CAAC,CAAA;IACtE,SAAS,CAAC,mBAAmB,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,mBAAmB,CAAC,CAAA;IAC5E,SAAS,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,cAAc,CAAC,CAAA;IAClE,SAAS,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,cAAc,CAAC,CAAA;IAClE,SAAS,CAAC,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,YAAY,CAAC,CAAA;IAC9D,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,SAAS,CAAC,CAAA;IACxD,SAAS,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,IAAI,CAAC,CAAA;IAC9C,SAAS,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,GAAG,CAAC,CAAA;IAE5C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CACpB,GAAG,EACH,IAAI,CAAC,KAAK,CACR,SAAS,CAAC,SAAS,GAAG,GAAG;QACvB,SAAS,CAAC,iBAAiB,GAAG,IAAI;QAClC,SAAS,CAAC,aAAa,GAAG,IAAI;QAC9B,SAAS,CAAC,gBAAgB,GAAG,IAAI;QACjC,SAAS,CAAC,mBAAmB,GAAG,IAAI;QACpC,SAAS,CAAC,cAAc,GAAG,IAAI;QAC/B,SAAS,CAAC,cAAc,GAAG,IAAI;QAC/B,SAAS,CAAC,YAAY,GAAG,IAAI;QAC7B,SAAS,CAAC,SAAS,GAAG,IAAI;QAC1B,SAAS,CAAC,IAAI,GAAG,IAAI;QACrB,SAAS,CAAC,GAAG,GAAG,IAAI,CACvB,CACF,CAAA;IAED,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAA;AAC7B,CAAC"}
+{"version":3,"file":"SecurityScanner.helpers.js","sourceRoot":"","sources":["../../../../src/security/scanner/SecurityScanner.helpers.ts"],"names":[],"mappings":"AAAA;;;GAGG;AASH,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAA;AACjE,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAA;AAyBhD,+EAA+E;AAC/E,kBAAkB;AAClB,+EAA+E;AAE/E;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAe;IAChD,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAA;IACjC,OAAO,CACL,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,WAAW,CAAC,CAC/F,CAAA;AACH,CAAC;AAED,+EAA+E;AAC/E,4BAA4B;AAC5B,+EAA+E;AAE/E;;;;;;;;;GASG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAe;IACpD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,QAAQ,GAAkB,EAAE,CAAA;IAClC,IAAI,iBAAiB,GAAG,KAAK,CAAA;IAC7B,6CAA6C;IAC7C,2GAA2G;IAC3G,IAAI,gBAAgB,GAAkC,SAAS,CAAA;IAC/D,IAAI,uBAAuB,GAAG,CAAC,CAAC,CAAA;IAEhC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QACrB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE,CAAA;QAE/B,6DAA6D;QAC7D,uEAAuE;QACvE,oDAAoD;QACpD,IAAI,iBAAiB,GAAG,KAAK,CAAA;QAC7B,IAAI,WAAW,KAAK,KAAK,EAAE,CAAC;YAC1B,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;gBACnC,+DAA+D;gBAC/D,gBAAgB,GAAG,MAAM,CAAA;gBACzB,uBAAuB,GAAG,CAAC,CAAA;gBAC3B,iBAAiB,GAAG,IAAI,CAAA,CAAC,0CAA0C;YACrE,CAAC;iBAAM,IAAI,gBAAgB,KAAK,MAAM,EAAE,CAAC;gBACvC,gBAAgB,GAAG,QAAQ,CAAA;gBAC3B,iBAAiB,GAAG,IAAI,CAAA,CAAC,wBAAwB;YACnD,CAAC;QACH,CAAC;aAAM,IAAI,gBAAgB,KAAK,SAAS,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpE,qFAAqF;YACrF,gBAAgB,GAAG,QAAQ,CAAA;QAC7B,CAAC;aAAM,IAAI,gBAAgB,KAAK,MAAM,EAAE,CAAC;YACvC,iBAAiB,GAAG,IAAI,CAAA;QAC1B,CAAC;QAED,yEAAyE;QACzE,wDAAwD;QACxD,IAAI,CAAC,iBAAiB,IAAI,gBAAgB,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7D,iBAAiB,GAAG,CAAC,iBAAiB,CAAA;QACxC,CAAC;QAED,sCAAsC;QACtC,MAAM,OAAO,GAAG,CAAC,iBAAiB,IAAI,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;QAEjE,yEAAyE;QACzE,MAAM,cAAc,GAClB,CAAC,iBAAiB;YAClB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;YACxB,CAAC,iBAAiB;YAClB,CAAC,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC;YAC5B,CAAC,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;QAE9B,iEAAiE;QACjE,MAAM,YAAY,GAAG,CAAC,iBAAiB,IAAI,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAA;QAErF,QAAQ,CAAC,IAAI,CAAC;YACZ,UAAU,EAAE,CAAC,GAAG,CAAC;YACjB,WAAW,EAAE,iBAAiB;YAC9B,OAAO;YACP,cAAc;YACd,YAAY;YACZ,aAAa,EAAE,iBAAiB;SACjC,CAAC,CAAA;IACJ,CAAC;IAED,yEAAyE;IACzE,uEAAuE;IACvE,gDAAgD;IAChD,IAAI,gBAAgB,KAAK,MAAM,IAAI,uBAAuB,IAAI,CAAC,EAAE,CAAC;QAChE,KAAK,IAAI,CAAC,GAAG,uBAAuB,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC/D,QAAQ,CAAC,CAAC,CAAC,CAAC,aAAa,GAAG,KAAK,CAAA;QACnC,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,sBAAsB,CAAC,GAAgB;IACrD,OAAO,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,cAAc,IAAI,GAAG,CAAC,aAAa,CAAA;AAClF,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAY,EAAE,UAAkB;IACjE,MAAM,aAAa,GAAG,YAAY,CAAA;IAClC,IAAI,KAAK,CAAA;IACT,OAAO,CAAC,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACnD,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAA;QAC7B,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAA;QAC7C,IAAI,UAAU,IAAI,SAAS,IAAI,UAAU,GAAG,OAAO,EAAE,CAAC;YACpD,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAcD;;;GAGG;AACH,MAAM,UAAU,gCAAgC,CAC9C,OAAe,EACf,MAA2B,EAC3B,YAA4B;IAE5B,MAAM,QAAQ,GAAsB,EAAE,CAAA;IACtC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,QAAQ,GAAG,YAAY,IAAI,sBAAsB,CAAC,OAAO,CAAC,CAAA;IAChE,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAA;IAEtC,uDAAuD;IACvD,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACtC,IAAI,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC;YAChC,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;YAC7C,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA;gBAC5C,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAA;gBAClE,MAAM,GAAG,GAAG,QAAQ,CAAC,UAAU,GAAG,CAAC,CAAC,CAAA;gBACpC,MAAM,SAAS,GAAG,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,IAAI,EAAE,CAAA;gBAC7C,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,EAAE,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,CAAA;gBAChE,MAAM,QAAQ,GAAG,UAAU,GAAG,UAAU,CAAA;gBACxC,MAAM,YAAY,GAAG,GAAG,EAAE,YAAY,IAAI,kBAAkB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAA;gBACjF,MAAM,YAAY,GAAG,GAAG,CAAC,CAAC,CAAC,sBAAsB,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,CAAC,CAAC,KAAK,CAAA;gBAC9E,MAAM,UAAU,GAAsB,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAA;gBACnE,MAAM,QAAQ,GAAG,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;gBAC3E,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;gBAEvC,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,QAAQ;oBACR,OAAO,EAAE,GAAG,MAAM,CAAC,aAAa,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG;oBACtF,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBACvC,UAAU;oBACV,QAAQ,EAAE,MAAM,CAAC,IAAI;oBACrB,sBAAsB,EAAE,YAAY;oBACpC,UAAU;iBACX,CAAC,CAAA;gBACF,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;YAC9B,CAAC;QACH,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,IAAI,YAAY,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,CAAC;YAAE,OAAM;QACvC,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAA;QAE3B,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACtC,IAAI,kBAAkB,CAAC,OAAO,CAAC;gBAAE,SAAQ;YACzC,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;YAC1C,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,YAAY,GAAG,GAAG,EAAE,YAAY,IAAI,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC,CAAA;gBACpF,MAAM,YAAY,GAAG,GAAG,CAAC,CAAC,CAAC,sBAAsB,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,CAAC,CAAC,KAAK,CAAA;gBAC9E,MAAM,UAAU,GAAsB,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAA;gBACnE,MAAM,QAAQ,GAAG,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;gBAE3E,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,QAAQ;oBACR,OAAO,EAAE,GAAG,MAAM,CAAC,aAAa,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG;oBAClG,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBACnC,UAAU,EAAE,KAAK,GAAG,CAAC;oBACrB,QAAQ,EAAE,MAAM,CAAC,IAAI;oBACrB,sBAAsB,EAAE,YAAY;oBACpC,UAAU;iBACX,CAAC,CAAA;gBACF,MAAK;YACP,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E;AAE/E;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAA2B;IAI5D,MAAM,SAAS,GAAuB;QACpC,SAAS,EAAE,CAAC;QACZ,iBAAiB,EAAE,CAAC;QACpB,aAAa,EAAE,CAAC;QAChB,gBAAgB,EAAE,CAAC;QACnB,mBAAmB,EAAE,CAAC;QACtB,cAAc,EAAE,CAAC;QACjB,cAAc,EAAE,CAAC;QACjB,YAAY,EAAE,CAAC;QACf,SAAS,EAAE,CAAC;QACZ,IAAI,EAAE,CAAC;QACP,GAAG,EAAE,CAAC;KACP,CAAA;IAED,MAAM,iBAAiB,GAAsC;QAC3D,IAAI,EAAE,GAAG;QACT,MAAM,EAAE,GAAG;QACX,GAAG,EAAE,GAAG;KACT,CAAA;IAED,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,cAAc,GAAG,gBAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;QACzD,MAAM,cAAc,GAAG,gBAAgB,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,GAAG,CAAA;QAC5D,MAAM,gBAAgB,GAAG,iBAAiB,CAAC,OAAO,CAAC,UAAU,IAAI,MAAM,CAAC,CAAA;QACxE,MAAM,KAAK,GAAG,cAAc,GAAG,cAAc,GAAG,gBAAgB,CAAA;QAEhE,QAAQ,OAAO,CAAC,IAAI,EAAE,CAAC;YACrB,KAAK,WAAW;gBACd,SAAS,CAAC,SAAS,IAAI,KAAK,CAAA;gBAC5B,MAAK;YACP,KAAK,oBAAoB;gBACvB,SAAS,CAAC,iBAAiB,IAAI,KAAK,CAAA;gBACpC,MAAK;YACP,KAAK,gBAAgB;gBACnB,SAAS,CAAC,aAAa,IAAI,KAAK,CAAA;gBAChC,MAAK;YACP,KAAK,mBAAmB;gBACtB,SAAS,CAAC,gBAAgB,IAAI,KAAK,CAAA;gBACnC,MAAK;YACP,KAAK,sBAAsB;gBACzB,SAAS,CAAC,mBAAmB,IAAI,KAAK,CAAA;gBACtC,MAAK;YACP,KAAK,oBAAoB;gBACvB,SAAS,CAAC,cAAc,IAAI,KAAK,CAAA;gBACjC,MAAK;YACP,KAAK,gBAAgB;gBACnB,SAAS,CAAC,cAAc,IAAI,KAAK,CAAA;gBACjC,MAAK;YACP,KAAK,KAAK;gBACR,SAAS,CAAC,YAAY,IAAI,KAAK,CAAA;gBAC/B,MAAK;YACP,KAAK,YAAY;gBACf,SAAS,CAAC,SAAS,IAAI,KAAK,CAAA;gBAC5B,MAAK;YACP,KAAK,MAAM;gBACT,SAAS,CAAC,IAAI,IAAI,KAAK,CAAA;gBACvB,MAAK;YACP,KAAK,KAAK;gBACR,SAAS,CAAC,GAAG,IAAI,KAAK,CAAA;gBACtB,MAAK;QACT,CAAC;IACH,CAAC;IAED,2BAA2B;IAC3B,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,SAAS,CAAC,CAAA;IACxD,SAAS,CAAC,iBAAiB,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,iBAAiB,CAAC,CAAA;IACxE,SAAS,CAAC,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,aAAa,CAAC,CAAA;IAChE,SAAS,CAAC,gBAAgB,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,gBAAgB,CAAC,CAAA;IACtE,SAAS,CAAC,mBAAmB,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,mBAAmB,CAAC,CAAA;IAC5E,SAAS,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,cAAc,CAAC,CAAA;IAClE,SAAS,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,cAAc,CAAC,CAAA;IAClE,SAAS,CAAC,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,YAAY,CAAC,CAAA;IAC9D,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,SAAS,CAAC,CAAA;IACxD,SAAS,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,IAAI,CAAC,CAAA;IAC9C,SAAS,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,GAAG,CAAC,CAAA;IAE5C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CACpB,GAAG,EACH,IAAI,CAAC,KAAK,CACR,SAAS,CAAC,SAAS,GAAG,GAAG;QACvB,SAAS,CAAC,iBAAiB,GAAG,IAAI;QAClC,SAAS,CAAC,aAAa,GAAG,IAAI;QAC9B,SAAS,CAAC,gBAAgB,GAAG,IAAI;QACjC,SAAS,CAAC,mBAAmB,GAAG,IAAI;QACpC,SAAS,CAAC,cAAc,GAAG,IAAI;QAC/B,SAAS,CAAC,cAAc,GAAG,IAAI;QAC/B,SAAS,CAAC,YAAY,GAAG,IAAI;QAC7B,SAAS,CAAC,SAAS,GAAG,IAAI;QAC1B,SAAS,CAAC,IAAI,GAAG,IAAI;QACrB,SAAS,CAAC,GAAG,GAAG,IAAI,CACvB,CACF,CAAA;IAED,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAA;AAC7B,CAAC"}

package/dist/src/security/scanner/patterns.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../../../../src/security/scanner/patterns.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,eAAO,MAAM,uBAAuB,UAanC,CAAA;AAGD,eAAO,MAAM,uBAAuB,UAanC,CAAA;AAGD,eAAO,MAAM,kBAAkB,UAkB9B,CAAA;AAGD,eAAO,MAAM,mBAAmB,UAY/B,CAAA;AAGD,eAAO,MAAM,2BAA2B,UAavC,CAAA;AAGD,eAAO,MAAM,uBAAuB,UAenC,CAAA;AAGD,eAAO,MAAM,0BAA0B,UAqBtC,CAAA;AAGD,eAAO,MAAM,6BAA6B,UAyBzC,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,yBAAyB,UAuBrC,CAAA;AAED;;;;;;;;;;;GAWG;AACH;;;;GAIG;AACH,eAAO,MAAM,YAAY,UAwBxB,CAAA;AAED,eAAO,MAAM,mBAAmB,UAwD/B,CAAA"}
+{"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../../../../src/security/scanner/patterns.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,eAAO,MAAM,uBAAuB,UAanC,CAAA;AAOD,eAAO,MAAM,uBAAuB,UAsBnC,CAAA;AAGD,eAAO,MAAM,kBAAkB,UAkB9B,CAAA;AAGD,eAAO,MAAM,mBAAmB,UAY/B,CAAA;AAGD,eAAO,MAAM,2BAA2B,UAavC,CAAA;AAGD,eAAO,MAAM,uBAAuB,UAenC,CAAA;AAGD,eAAO,MAAM,0BAA0B,UAuCtC,CAAA;AAGD,eAAO,MAAM,6BAA6B,UAkCzC,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,yBAAyB,UAuBrC,CAAA;AAED;;;;;;;;;;;GAWG;AACH;;;;GAIG;AACH,eAAO,MAAM,YAAY,UAwBxB,CAAA;AAED,eAAO,MAAM,mBAAmB,UAwD/B,CAAA"}

package/dist/src/security/scanner/patterns.js

@@ -19,19 +19,32 @@ export const DEFAULT_ALLOWED_DOMAINS = [
     'typescriptlang.org',
 ];
 // Sensitive file path patterns
+// SMI-4396 Wave 2: bare-keyword variants (credentials, secrets?, password) tightened
+// to require assignment/path/file-extension context. Without this tuning,
+// documentation keywords in SKILL.md frontmatter and prose (1Password integration
+// guides, security-research skill domain vocabulary) tripped HIGH severity.
 export const SENSITIVE_PATH_PATTERNS = [
     /\.env/i,
-    /credentials/i,
-    /secrets?/i,
+    // Contextual credentials: filename or assignment, not bare prose
+    /credentials\.(?:json|ya?ml|env|toml|txt)/i,
+    /credentials\s*[:=]/i,
+    // Contextual secrets: assignment or path, not bare word
+    /\bsecrets?\s*[:=]/i,
+    /\bsecrets?\/[a-z0-9_.-]+/i,
     /\.pem$/i,
     /\.key$/i,
     /\.crt$/i,
-    /password/i,
+    // Contextual password: assignment or URL (postgres://user:pass@host) only
+    /password\s*[:=]/i,
     /api[_-]?key/i,
     /auth[_-]?token/i,
     /~\/\.ssh/i,
     /~\/\.aws/i,
     /~\/\.config/i,
+    // SMI-4396 Wave 2: explicit system-file paths. Added so that tightening
+    // bare /credentials/i and /password/i into assignment-context variants
+    // doesn't drop coverage of obvious sensitive references like /etc/passwd.
+    /\/etc\/(?:passwd|shadow|sudoers|hosts)\b/i,
 ];
 // Jailbreak attempt patterns
 export const JAILBREAK_PATTERNS = [
@@ -117,9 +130,27 @@ export const DATA_EXFILTRATION_PATTERNS = [
     /data\s*:\s*['"]/i, // Data URLs
     /\.writeFile.*https?:\/\//i,
     /send\s+.*(to|the)\s+(external|remote)/i,
-    /upload\s+.*(to|the)\s+(server|cloud|remote)/i,
+    // SMI-4396 Wave 2: word-boundary \bcloud\b + bounded wildcard.
+    // Previous /upload\s+.*(to|the)\s+(server|cloud|remote)/i matched
+    // "upload to Cloudinary" (the Cloud prefix substring-matches) —
+    // triggered skill-image-pipeline as data_exfiltration FP. The
+    // bounded [\w\s]{0,30}? prevents ReDoS; \bcloud\b excludes
+    // Cloudinary/cloudfront/cloudflare/iCloud/cloudstorage.
+    /upload\s+[\w\s]{0,30}?\s*(?:to|the)\s+(?:server|\bcloud\b|remote)/i,
+    // SMI-4396 Wave 2: explicit key/secret/credential/token upload detector.
+    // Ensures "upload private keys to our cdn bucket" still triggers even
+    // though \bcloud\b word-boundary now excludes "cdn bucket" prose.
+    /upload\s+[\w\s]{0,50}?\s*(?:private\s+)?(?:key|secret|credential|token)s?\b/i,
     /post\s+data\s+to/i,
     /to\s+external\s+(api|server|endpoint)/i,
+    // SMI-4396 Wave 2: restore prose coverage dropped by tightening bare /password/i
+    // and /credentials/i to assignment-context only. These unambiguous exfiltration
+    // verbs (send/transmit/leak/dump/steal/extract) + credential noun preserve detection
+    // of "send the user's passwords to attacker.com" and similar imperative instructions
+    // without re-introducing FPs on "This skill handles passwords" or
+    // "Never expose the password to Claude Code" (expose excluded: weak intent signal
+    // + negation-context FP in 1Password-style SKILL.md fixtures).
+    /(?:send|transmit|leak|dump|steal|extract)\s+[\w\s']{0,40}(?:passwords?|credentials?|secrets?)\b/i,
 ];
 // SMI-685: Privilege escalation patterns
 export const PRIVILEGE_ESCALATION_PATTERNS = [
@@ -138,7 +169,16 @@ export const PRIVILEGE_ESCALATION_PATTERNS = [
     /setuid/i,
     /setgid/i,
     /capability\s+cap_/i,
-    /escalat(e|ion)/i,
+    // SMI-4396 Wave 2: contextual privilege_escalation patterns.
+    // Previous bare /escalat(e|ion)/i matched documentation prose in
+    // security-research and prompt-injection-scanner skills that legitimately
+    // enumerate "privilege escalation" as an adversarial technique they
+    // detect — triggered 3/5 CRITICAL FPs. Bare pattern removed; these three
+    // contextual variants preserve real coverage (exploit-escalate calls,
+    // attack/vector noun phrases, to-root/to-admin targets).
+    /privilege[_\s-]+escalat(?:e|ion)/i,
+    /escalat(?:e|ion)\s+(?:attack|vector|(?:to|as)\s+(?:root|admin|superuser))/i,
+    /exploit\s+[\w\s]{0,30}?\s*escalat(?:e|ion)/i,
     /privilege[ds]?\s+(elevat|escal)/i,
     /run\s+.*as\s+root/i,
     /(run|execute)\s+as\s+(root|admin)/i,

package/dist/src/security/scanner/patterns.js.map

@@ -1 +1 @@
-{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../../../src/security/scanner/patterns.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,0BAA0B;AAC1B,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,YAAY;IACZ,uBAAuB;IACvB,2BAA2B;IAC3B,WAAW;IACX,WAAW;IACX,oBAAoB;IACpB,eAAe;IACf,WAAW;IACX,iBAAiB;IACjB,uBAAuB;IACvB,YAAY;IACZ,oBAAoB;CACrB,CAAA;AAED,+BAA+B;AAC/B,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,QAAQ;IACR,cAAc;IACd,WAAW;IACX,SAAS;IACT,SAAS;IACT,SAAS;IACT,WAAW;IACX,cAAc;IACd,iBAAiB;IACjB,WAAW;IACX,WAAW;IACX,cAAc;CACf,CAAA;AAED,6BAA6B;AAC7B,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,6EAA6E;IAC7E,2EAA2E;IAC3E,mBAAmB;IACnB,SAAS;IACT,sBAAsB;IACtB,YAAY;IACZ,oDAAoD;IACpD,+DAA+D;IAC/D,iDAAiD;IACjD,mDAAmD;IACnD,0DAA0D;IAC1D,8CAA8C;IAE9C,2EAA2E;IAC3E,2FAA2F;IAC3F,yFAAyF;IACzF,gEAAgE;CACjE,CAAA;AAED,2DAA2D;AAC3D,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,YAAY;IACZ,YAAY;IACZ,gBAAgB;IAChB,eAAe,EAAE,uBAAuB;IACxC,uBAAuB;IACvB,yBAAyB;IACzB,qCAAqC;IACrC,gCAAgC;IAChC,eAAe;IACf,0BAA0B,EAAE,qBAAqB;IACjD,0BAA0B;CAC3B,CAAA;AAED,+CAA+C;AAC/C,MAAM,CAAC,MAAM,2BAA2B,GAAG;IACzC,2CAA2C;IAC3C,gBAAgB;IAChB,0CAA0C,EAAE,6BAA6B;IACzE,kDAAkD;IAClD,sBAAsB;IACtB,oCAAoC;IACpC,4BAA4B;IAC5B,2BAA2B;IAC3B,8BAA8B;IAC9B,iCAAiC;IACjC,4BAA4B;IAC5B,sBAAsB;CACvB,CAAA;AAED,2CAA2C;AAC3C,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,2DAA2D;IAC3D,qCAAqC;IACrC,qCAAqC;IACrC,8CAA8C;IAC9C,qCAAqC;IACrC,2CAA2C;IAC3C,+CAA+C;IAC/C,wDAAwD;IACxD,4CAA4C;IAC5C,+CAA+C;IAC/C,mDAAmD;IACnD,wCAAwC;IACxC,uDAAuD;IACvD,8CAA8C;CAC/C,CAAA;AAED,sCAAsC;AACtC,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,YAAY,EAAE,sBAAsB;IACpC,YAAY,EAAE,sBAAsB;IACpC,2CAA2C;IAC3C,wCAAwC;IACxC,0BAA0B;IAC1B,iCAAiC,EAAE,0BAA0B;IAC7D,iBAAiB;IACjB,wBAAwB;IACxB,gBAAgB;IAChB,mBAAmB;IACnB,iBAAiB;IACjB,uBAAuB;IACvB,iBAAiB;IACjB,QAAQ;IACR,kBAAkB,EAAE,YAAY;IAChC,2BAA2B;IAC3B,wCAAwC;IACxC,8CAA8C;IAC9C,mBAAmB;IACnB,wCAAwC;CACzC,CAAA;AAED,yCAAyC;AACzC,MAAM,CAAC,MAAM,6BAA6B,GAAG;IAC3C,wBAAwB,EAAE,gCAAgC;IAC1D,qBAAqB,EAAE,wBAAwB;IAC/C,YAAY;IACZ,oCAAoC,EAAE,2BAA2B;IACjE,kBAAkB,EAAE,eAAe;IACnC,kBAAkB,EAAE,iBAAiB;IACrC,kBAAkB,EAAE,0BAA0B;IAC9C,iBAAiB;IACjB,iBAAiB;IACjB,SAAS;IACT,iBAAiB;IACjB,WAAW;IACX,SAAS;IACT,SAAS;IACT,oBAAoB;IACpB,iBAAiB;IACjB,kCAAkC;IAClC,oBAAoB;IACpB,oCAAoC;IACpC,4BAA4B;IAC5B,uBAAuB;IACvB,mBAAmB;IACnB,gBAAgB;IAChB,gBAAgB;CACjB,CAAA;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG;IACvC,mDAAmD;IACnD,yEAAyE;IACzE,2EAA2E;IAC3E,yEAAyE;IACzE,yEAAyE;IAEzE,gDAAgD;IAChD,qFAAqF;IACrF,0FAA0F;IAC1F,sFAAsF;IAEtF,mCAAmC;IACnC,oBAAoB;IAEpB,sEAAsE;IACtE,0CAA0C;IAC1C,uBAAuB;IAEvB,0DAA0D;IAC1D,oGAAoG;IACpG,mIAAmI;IACnI,sGAAsG;CACvG,CAAA;AAED;;;;;;;;;;;GAWG;AACH;;;;GAIG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG;IAC1B,yCAAyC;IACzC,+DAA+D;IAC/D,qEAAqE;IACrE,yEAAyE;IAEzE,gCAAgC;IAChC,yCAAyC,EAAE,SAAS;IACpD,0CAA0C,EAAE,aAAa;IACzD,iCAAiC,EAAE,kBAAkB;IACrD,kBAAkB,EAAE,iBAAiB;IAErC,4EAA4E;IAC5E,+EAA+E;IAC/E,gDAAgD;IAEhD,6BAA6B;IAC7B,uBAAuB;IAEvB,eAAe;IACf,4CAA4C;IAE5C,+BAA+B;IAC/B,qDAAqD;CACtD,CAAA;AAED,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,2EAA2E;IAC3E,6EAA6E;IAC7E,mEAAmE;IACnE,mDAAmD;IAEnD,oDAAoD;IACpD,4BAA4B;IAE5B,6DAA6D;IAC7D,mFAAmF;IAEnF,0DAA0D;IAC1D,gEAAgE;IAChE,uEAAuE;IAEvE,iFAAiF;IACjF,gFAAgF;IAChF,mIAAmI;IAEnI,yDAAyD;IACzD,iEAAiE;IAEjE,yDAAyD;IACzD,6DAA6D;IAE7D,0DAA0D;IAC1D,uEAAuE;IAEvE,sCAAsC;IACtC,uEAAuE;IACvE,kFAAkF;IAClF,uGAAuG;IAEvG,4BAA4B;IAC5B,kDAAkD;IAElD,yCAAyC;IACzC,kFAAkF;IAElF,6BAA6B;IAC7B,8CAA8C;IAE9C,6CAA6C;IAC7C,+EAA+E;IAC/E,4HAA4H;IAE5H,kDAAkD;IAClD,wEAAwE;IAExE,wBAAwB;IACxB,4CAA4C;IAE5C,+EAA+E;IAC/E,6DAA6D;IAC7D,qBAAqB;CACtB,CAAA"}
+{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../../../src/security/scanner/patterns.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,0BAA0B;AAC1B,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,YAAY;IACZ,uBAAuB;IACvB,2BAA2B;IAC3B,WAAW;IACX,WAAW;IACX,oBAAoB;IACpB,eAAe;IACf,WAAW;IACX,iBAAiB;IACjB,uBAAuB;IACvB,YAAY;IACZ,oBAAoB;CACrB,CAAA;AAED,+BAA+B;AAC/B,qFAAqF;AACrF,0EAA0E;AAC1E,kFAAkF;AAClF,4EAA4E;AAC5E,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,QAAQ;IACR,iEAAiE;IACjE,2CAA2C;IAC3C,qBAAqB;IACrB,wDAAwD;IACxD,oBAAoB;IACpB,2BAA2B;IAC3B,SAAS;IACT,SAAS;IACT,SAAS;IACT,0EAA0E;IAC1E,kBAAkB;IAClB,cAAc;IACd,iBAAiB;IACjB,WAAW;IACX,WAAW;IACX,cAAc;IACd,wEAAwE;IACxE,uEAAuE;IACvE,0EAA0E;IAC1E,2CAA2C;CAC5C,CAAA;AAED,6BAA6B;AAC7B,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,6EAA6E;IAC7E,2EAA2E;IAC3E,mBAAmB;IACnB,SAAS;IACT,sBAAsB;IACtB,YAAY;IACZ,oDAAoD;IACpD,+DAA+D;IAC/D,iDAAiD;IACjD,mDAAmD;IACnD,0DAA0D;IAC1D,8CAA8C;IAE9C,2EAA2E;IAC3E,2FAA2F;IAC3F,yFAAyF;IACzF,gEAAgE;CACjE,CAAA;AAED,2DAA2D;AAC3D,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,YAAY;IACZ,YAAY;IACZ,gBAAgB;IAChB,eAAe,EAAE,uBAAuB;IACxC,uBAAuB;IACvB,yBAAyB;IACzB,qCAAqC;IACrC,gCAAgC;IAChC,eAAe;IACf,0BAA0B,EAAE,qBAAqB;IACjD,0BAA0B;CAC3B,CAAA;AAED,+CAA+C;AAC/C,MAAM,CAAC,MAAM,2BAA2B,GAAG;IACzC,2CAA2C;IAC3C,gBAAgB;IAChB,0CAA0C,EAAE,6BAA6B;IACzE,kDAAkD;IAClD,sBAAsB;IACtB,oCAAoC;IACpC,4BAA4B;IAC5B,2BAA2B;IAC3B,8BAA8B;IAC9B,iCAAiC;IACjC,4BAA4B;IAC5B,sBAAsB;CACvB,CAAA;AAED,2CAA2C;AAC3C,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,2DAA2D;IAC3D,qCAAqC;IACrC,qCAAqC;IACrC,8CAA8C;IAC9C,qCAAqC;IACrC,2CAA2C;IAC3C,+CAA+C;IAC/C,wDAAwD;IACxD,4CAA4C;IAC5C,+CAA+C;IAC/C,mDAAmD;IACnD,wCAAwC;IACxC,uDAAuD;IACvD,8CAA8C;CAC/C,CAAA;AAED,sCAAsC;AACtC,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,YAAY,EAAE,sBAAsB;IACpC,YAAY,EAAE,sBAAsB;IACpC,2CAA2C;IAC3C,wCAAwC;IACxC,0BAA0B;IAC1B,iCAAiC,EAAE,0BAA0B;IAC7D,iBAAiB;IACjB,wBAAwB;IACxB,gBAAgB;IAChB,mBAAmB;IACnB,iBAAiB;IACjB,uBAAuB;IACvB,iBAAiB;IACjB,QAAQ;IACR,kBAAkB,EAAE,YAAY;IAChC,2BAA2B;IAC3B,wCAAwC;IACxC,+DAA+D;IAC/D,kEAAkE;IAClE,gEAAgE;IAChE,8DAA8D;IAC9D,2DAA2D;IAC3D,wDAAwD;IACxD,oEAAoE;IACpE,yEAAyE;IACzE,sEAAsE;IACtE,kEAAkE;IAClE,8EAA8E;IAC9E,mBAAmB;IACnB,wCAAwC;IACxC,iFAAiF;IACjF,gFAAgF;IAChF,qFAAqF;IACrF,qFAAqF;IACrF,kEAAkE;IAClE,kFAAkF;IAClF,+DAA+D;IAC/D,kGAAkG;CACnG,CAAA;AAED,yCAAyC;AACzC,MAAM,CAAC,MAAM,6BAA6B,GAAG;IAC3C,wBAAwB,EAAE,gCAAgC;IAC1D,qBAAqB,EAAE,wBAAwB;IAC/C,YAAY;IACZ,oCAAoC,EAAE,2BAA2B;IACjE,kBAAkB,EAAE,eAAe;IACnC,kBAAkB,EAAE,iBAAiB;IACrC,kBAAkB,EAAE,0BAA0B;IAC9C,iBAAiB;IACjB,iBAAiB;IACjB,SAAS;IACT,iBAAiB;IACjB,WAAW;IACX,SAAS;IACT,SAAS;IACT,oBAAoB;IACpB,6DAA6D;IAC7D,iEAAiE;IACjE,0EAA0E;IAC1E,oEAAoE;IACpE,yEAAyE;IACzE,sEAAsE;IACtE,yDAAyD;IACzD,mCAAmC;IACnC,4EAA4E;IAC5E,6CAA6C;IAC7C,kCAAkC;IAClC,oBAAoB;IACpB,oCAAoC;IACpC,4BAA4B;IAC5B,uBAAuB;IACvB,mBAAmB;IACnB,gBAAgB;IAChB,gBAAgB;CACjB,CAAA;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG;IACvC,mDAAmD;IACnD,yEAAyE;IACzE,2EAA2E;IAC3E,yEAAyE;IACzE,yEAAyE;IAEzE,gDAAgD;IAChD,qFAAqF;IACrF,0FAA0F;IAC1F,sFAAsF;IAEtF,mCAAmC;IACnC,oBAAoB;IAEpB,sEAAsE;IACtE,0CAA0C;IAC1C,uBAAuB;IAEvB,0DAA0D;IAC1D,oGAAoG;IACpG,mIAAmI;IACnI,sGAAsG;CACvG,CAAA;AAED;;;;;;;;;;;GAWG;AACH;;;;GAIG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG;IAC1B,yCAAyC;IACzC,+DAA+D;IAC/D,qEAAqE;IACrE,yEAAyE;IAEzE,gCAAgC;IAChC,yCAAyC,EAAE,SAAS;IACpD,0CAA0C,EAAE,aAAa;IACzD,iCAAiC,EAAE,kBAAkB;IACrD,kBAAkB,EAAE,iBAAiB;IAErC,4EAA4E;IAC5E,+EAA+E;IAC/E,gDAAgD;IAEhD,6BAA6B;IAC7B,uBAAuB;IAEvB,eAAe;IACf,4CAA4C;IAE5C,+BAA+B;IAC/B,qDAAqD;CACtD,CAAA;AAED,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,2EAA2E;IAC3E,6EAA6E;IAC7E,mEAAmE;IACnE,mDAAmD;IAEnD,oDAAoD;IACpD,4BAA4B;IAE5B,6DAA6D;IAC7D,mFAAmF;IAEnF,0DAA0D;IAC1D,gEAAgE;IAChE,uEAAuE;IAEvE,iFAAiF;IACjF,gFAAgF;IAChF,mIAAmI;IAEnI,yDAAyD;IACzD,iEAAiE;IAEjE,yDAAyD;IACzD,6DAA6D;IAE7D,0DAA0D;IAC1D,uEAAuE;IAEvE,sCAAsC;IACtC,uEAAuE;IACvE,kFAAkF;IAClF,uGAAuG;IAEvG,4BAA4B;IAC5B,kDAAkD;IAElD,yCAAyC;IACzC,kFAAkF;IAElF,6BAA6B;IAC7B,8CAA8C;IAE9C,6CAA6C;IAC7C,+EAA+E;IAC/E,4HAA4H;IAE5H,kDAAkD;IAClD,wEAAwE;IAExE,wBAAwB;IACxB,4CAA4C;IAE5C,+EAA+E;IAC/E,6DAA6D;IAC7D,qBAAqB;CACtB,CAAA"}

package/dist/src/services/skill-config-schema.d.ts

@@ -13,45 +13,13 @@ import { z } from 'zod';
  * Switch to .strict() after publishing the schema spec.
  */
 export declare const SkillConfigSchema: z.ZodObject<{
-    /** Skill display name override */
     displayName: z.ZodOptional<z.ZodString>;
-    /** Version constraint */
     version: z.ZodOptional<z.ZodString>;
-    /** Configuration presets (values must be primitives) */
-    presets: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean]>>>;
-    /** Custom settings (values must be primitives) */
-    settings: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean]>>>;
-    /** MCP server requirements */
-    mcpServers: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
-    /** Minimum Claude Code version */
+    presets: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodString, z.ZodNumber, z.ZodBoolean]>>>;
+    settings: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodString, z.ZodNumber, z.ZodBoolean]>>>;
+    mcpServers: z.ZodOptional<z.ZodArray<z.ZodString>>;
     minClaudeCodeVersion: z.ZodOptional<z.ZodString>;
-}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
-    /** Skill display name override */
-    displayName: z.ZodOptional<z.ZodString>;
-    /** Version constraint */
-    version: z.ZodOptional<z.ZodString>;
-    /** Configuration presets (values must be primitives) */
-    presets: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean]>>>;
-    /** Custom settings (values must be primitives) */
-    settings: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean]>>>;
-    /** MCP server requirements */
-    mcpServers: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
-    /** Minimum Claude Code version */
-    minClaudeCodeVersion: z.ZodOptional<z.ZodString>;
-}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
-    /** Skill display name override */
-    displayName: z.ZodOptional<z.ZodString>;
-    /** Version constraint */
-    version: z.ZodOptional<z.ZodString>;
-    /** Configuration presets (values must be primitives) */
-    presets: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean]>>>;
-    /** Custom settings (values must be primitives) */
-    settings: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean]>>>;
-    /** MCP server requirements */
-    mcpServers: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
-    /** Minimum Claude Code version */
-    minClaudeCodeVersion: z.ZodOptional<z.ZodString>;
-}, z.ZodTypeAny, "passthrough">>;
+}, z.core.$loose>;
 export type SkillConfig = z.infer<typeof SkillConfigSchema>;
 export interface ConfigValidationResult {
     valid: boolean;

package/dist/src/services/skill-config-schema.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"skill-config-schema.d.ts","sourceRoot":"","sources":["../../../src/services/skill-config-schema.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB;;;;GAIG;AACH,eAAO,MAAM,iBAAiB;IAE1B,kCAAkC;;IAElC,yBAAyB;;IAEzB,wDAAwD;;IAIxD,kDAAkD;;IAIlD,8BAA8B;;IAE9B,kCAAkC;;;IAdlC,kCAAkC;;IAElC,yBAAyB;;IAEzB,wDAAwD;;IAIxD,kDAAkD;;IAIlD,8BAA8B;;IAE9B,kCAAkC;;;IAdlC,kCAAkC;;IAElC,yBAAyB;;IAEzB,wDAAwD;;IAIxD,kDAAkD;;IAIlD,8BAA8B;;IAE9B,kCAAkC;;gCAGtB,CAAA;AAEhB,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAA;AAW3D,MAAM,WAAW,sBAAsB;IACrC,KAAK,EAAE,OAAO,CAAA;IACd,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB,QAAQ,EAAE,MAAM,EAAE,CAAA;IAClB,uCAAuC;IACvC,MAAM,CAAC,EAAE,WAAW,CAAA;CACrB;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,sBAAsB,CA+B3E"}
+{"version":3,"file":"skill-config-schema.d.ts","sourceRoot":"","sources":["../../../src/services/skill-config-schema.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB;;;;GAIG;AACH,eAAO,MAAM,iBAAiB;;;;;;;iBAmBd,CAAA;AAEhB,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAA;AAW3D,MAAM,WAAW,sBAAsB;IACrC,KAAK,EAAE,OAAO,CAAA;IACd,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB,QAAQ,EAAE,MAAM,EAAE,CAAA;IAClB,uCAAuC;IACvC,MAAM,CAAC,EAAE,WAAW,CAAA;CACrB;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,sBAAsB,CA+B3E"}