genskills 1.0.2 → 1.1.0

package/README.md

@@ -2,7 +2,7 @@
 
 [![npm version](https://img.shields.io/npm/v/genskills.svg)](https://www.npmjs.com/package/genskills)
 [![npm downloads](https://img.shields.io/npm/dm/genskills.svg)](https://www.npmjs.com/package/genskills)
-[![license](https://img.shields.io/npm/l/genskills.svg)]
+![license](https://img.shields.io/npm/l/genskills.svg)
 [![node](https://img.shields.io/node/v/genskills.svg)](https://nodejs.org)
 [![website](https://img.shields.io/badge/website-genskills.dev-blue)](https://genskills.dev)
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "genskills",
-  "version": "1.0.2",
+  "version": "1.1.0",
   "description": "A comprehensive Claude Code skills library — install once, get 28 AI-powered skills",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "genskills",
-  "version": "1.0.0",
-  "description": "GenSkills Libs — A comprehensive Claude Code skills library with 20+ skills for code quality, workflow, project management, documentation, and development",
+  "version": "1.1.0",
+  "description": "GenSkills Libs — A comprehensive Claude Code skills library with 28 AI-powered skills for code quality, workflow, project management, documentation, and development",
   "author": {
     "name": "GenSkills"
   },
@@ -11,12 +11,12 @@
     {
       "id": "code-quality",
       "label": "Code Quality",
-      "description": "Review, refactor, audit, test, lint, type-check"
+      "description": "Review, refactor, audit, test, lint, type-check, dependencies, error boundaries, accessibility"
     },
     {
       "id": "workflow",
       "label": "Workflow",
-      "description": "Git, PRs, deploys, CI, branches"
+      "description": "Git, PRs, deploys, CI, branches, monorepo"
     },
     {
       "id": "project-management",
@@ -31,7 +31,7 @@
     {
       "id": "development",
       "label": "Development",
-      "description": "Scaffold, migrate, debug, optimize"
+      "description": "Scaffold, migrate, debug, optimize, env setup, db migrations, i18n"
     }
   ],
   "skills": [
@@ -41,11 +41,15 @@
     { "name": "test-generator", "category": "code-quality" },
     { "name": "lint-fix", "category": "code-quality" },
     { "name": "type-check", "category": "code-quality" },
+    { "name": "dependency-audit", "category": "code-quality" },
+    { "name": "error-boundary", "category": "code-quality" },
+    { "name": "accessibility-audit", "category": "code-quality" },
     { "name": "git-commit", "category": "workflow" },
     { "name": "pr-create", "category": "workflow" },
     { "name": "deploy", "category": "workflow" },
     { "name": "ci-fix", "category": "workflow" },
     { "name": "branch-manager", "category": "workflow" },
+    { "name": "monorepo", "category": "workflow" },
     { "name": "task-tracker", "category": "project-management" },
     { "name": "changelog-gen", "category": "project-management" },
     { "name": "release-notes", "category": "project-management" },
@@ -55,6 +59,9 @@
     { "name": "scaffold", "category": "development" },
     { "name": "migrate", "category": "development" },
     { "name": "debug", "category": "development" },
-    { "name": "perf-optimize", "category": "development" }
+    { "name": "perf-optimize", "category": "development" },
+    { "name": "env-setup", "category": "development" },
+    { "name": "db-migrate", "category": "development" },
+    { "name": "i18n", "category": "development" }
   ]
 }

package/skills/code-quality/accessibility-audit/SKILL.md

@@ -6,87 +6,118 @@ description: >
   "a11y audit", "accessibility", "wcag", "screen reader".
 user-invocable: true
 argument-hint: "[file or directory path]"
-allowed-tools: "Read, Grep, Glob, Bash(npx *)"
-genskills-version: "1.0.1"
+allowed-tools: "Read, Edit, Grep, Glob, Bash(npx *), Bash(npm run*)"
+genskills-version: "1.1.0"
 genskills-category: "code-quality"
 genskills-depends: []
 ---
 
 # Accessibility Audit
 
-Check codebase for WCAG 2.1 accessibility compliance.
+Check codebase for WCAG 2.2 accessibility compliance.
 
 ## Process
 
+### Step 0: Load Project Context
+- Check for `CLAUDE.md` at the project root — follow any a11y standards documented there
+- Check `${CLAUDE_SKILL_DIR}/_config.json` for user preferences (see Configuration below)
+- Identify the UI framework (React, Vue, Svelte, Angular, plain HTML)
+
 ### Step 1: Scope
 - If `$ARGUMENTS` provided, focus on that file/directory
-- Otherwise scan all component/page files
+- Otherwise scan all component/page files (`**/*.tsx`, `**/*.jsx`, `**/*.vue`, `**/*.svelte`)
+- Prioritize: pages/routes → shared components → utilities
 
 ### Step 2: Static Analysis
 Check for common a11y issues:
 
 **Images & Media**:
 - `<img>` without `alt` attribute
-- Decorative images without `alt=""`
+- Decorative images without `alt=""` and `role="presentation"`
 - `<video>` / `<audio>` without captions/transcripts
-- Icon-only buttons without accessible labels
+- Icon-only buttons without accessible labels (`aria-label` or visually hidden text)
+- SVG icons without `aria-hidden="true"` or `role="img"` with title
 
 **Semantic HTML**:
-- `<div>` or `<span>` used as buttons (should be `<button>`)
+- `<div>` or `<span>` used as buttons/links (should be `<button>` / `<a>`)
 - Missing heading hierarchy (h1 → h3 without h2)
+- Multiple `<h1>` elements on a single page
 - Missing `<main>`, `<nav>`, `<header>`, `<footer>` landmarks
 - Tables without `<th>` or `scope` attributes
 - Lists not using `<ul>` / `<ol>` / `<li>`
+- Missing `<lang>` attribute on `<html>`
 
 **Forms**:
-- `<input>` without associated `<label>` or `aria-label`
-- Missing form validation error announcements
+- `<input>` without associated `<label>` or `aria-label`/`aria-labelledby`
+- Missing form validation error announcements (`aria-describedby` pointing to error)
 - Missing `required` attribute or `aria-required`
-- Missing `autocomplete` attribute on common fields
+- Missing `autocomplete` attribute on common fields (name, email, address, etc.)
+- Form errors not programmatically associated with inputs
+- Missing fieldset/legend for radio/checkbox groups
 
 **Keyboard Navigation**:
-- Click handlers on non-interactive elements without `tabIndex` and `onKeyDown`
+- Click handlers on non-interactive elements without `tabIndex`, `role`, and `onKeyDown`
 - Missing focus styles (`:focus-visible` or equivalent)
-- Focus traps in modals/dialogs
+- Focus traps in modals/dialogs (focus should be trapped inside and restored on close)
 - Skip-to-content link presence
+- Custom components (dropdowns, tabs, carousels) missing keyboard support
+- Positive `tabIndex` values (should be 0 or -1 only)
 
 **ARIA**:
-- Incorrect ARIA roles
-- Missing `aria-live` for dynamic content
-- Missing `aria-expanded` on toggles/accordions
-- Missing `aria-label` on icon buttons
-- Redundant ARIA (e.g., `role="button"` on `<button>`)
+- Incorrect ARIA roles for the element type
+- Missing `aria-live` for dynamic content updates (toasts, alerts, loading states)
+- Missing `aria-expanded` on toggles/accordions/dropdowns
+- Missing `aria-label` on icon buttons and ambiguous links ("click here", "read more")
+- Redundant ARIA (e.g., `role="button"` on `<button>`, `role="link"` on `<a>`)
+- `aria-hidden="true"` on focusable elements (accessibility trap)
 
 **Color & Contrast**:
-- Text colors that may have insufficient contrast (flag hardcoded colors)
-- Information conveyed by color alone without alternative indicator
+- Text colors that may have insufficient contrast (flag hardcoded colors < 4.5:1 ratio)
+- Information conveyed by color alone without alternative indicator (icons, underlines, patterns)
+- Disabled states that are too low contrast to read
+
+**Motion & Animation**:
+- Missing `prefers-reduced-motion` media query for animations
+- Auto-playing content without pause controls
 
 ### Step 3: Check for Existing a11y Tooling
-- Look for eslint-plugin-jsx-a11y configuration
-- Check for @axe-core usage in tests
-- Note if these tools could catch the flagged issues automatically
+- Look for `eslint-plugin-jsx-a11y` configuration
+- Check for `@axe-core` usage in tests
+- Check for `pa11y`, `lighthouse` in CI/CD
+- Note which flagged issues could be caught automatically by these tools
 
 ### Step 4: Generate Report
 ```
-## Accessibility Audit Report
+## Accessibility Audit Report (WCAG 2.2)
 
-### Critical (WCAG A violations)
-- [file:line] <img> missing alt attribute
+### Critical (WCAG Level A violations)
+- [file:line] <img> missing alt attribute → add descriptive alt text
 - [file:line] <div onClick> should be <button> with keyboard handler
 
-### Serious (WCAG AA violations)
-- [file:line] Input without associated label
-- [file:line] Missing skip-to-content link
+### Serious (WCAG Level AA violations)
+- [file:line] Input without associated label → add <label htmlFor>
+- [file:line] Missing skip-to-content link → add as first focusable element
 
 ### Moderate
-- [file:line] Heading hierarchy skip (h1 → h3)
+- [file:line] Heading hierarchy skip (h1 → h3) → add missing h2
 - [file:line] aria-label missing on icon button
 
-### Recommendations
+### Tooling Recommendations
 - Install eslint-plugin-jsx-a11y for automated catching
 - Add @axe-core/react for runtime checks in dev
+- Add pa11y or lighthouse to CI for regression prevention
 
 ### Summary
 - X critical, Y serious, Z moderate issues
-- WCAG 2.1 Level AA estimated compliance: ...
+- WCAG 2.2 Level AA estimated compliance: X%
+
+### Follow-up
+- Run `/genskills:code-review` to verify a11y fixes don't break functionality
 ```
+
+## Configuration
+Check `${CLAUDE_SKILL_DIR}/_config.json` for user preferences:
+- `wcagLevel`: "A" | "AA" | "AAA" — target compliance level (default: "AA")
+- `framework`: string — override auto-detected UI framework
+- `ignorePaths`: string[] — paths to skip
+- `autoFix`: boolean — automatically apply simple fixes (alt text, labels) (default: false)

package/skills/code-quality/code-review/SKILL.md

@@ -5,8 +5,8 @@ description: >
   Triggers on: "review this code", "code review", "check my code", "review PR", "review changes".
 user-invocable: true
 argument-hint: "[file or directory path]"
-allowed-tools: "Read, Grep, Glob, WebFetch, Bash(git diff*), Bash(git log*), Bash(npm test*), Bash(npx vitest*)"
-genskills-version: "1.0.1"
+allowed-tools: "Read, Edit, Grep, Glob, WebFetch, Bash(git diff*), Bash(git log*), Bash(git blame*), Bash(npm test*), Bash(npm run*), Bash(npx vitest*), Bash(npx jest*)"
+genskills-version: "1.1.0"
 genskills-category: "code-quality"
 genskills-depends: []
 ---
@@ -17,29 +17,40 @@ Perform a thorough, multi-dimensional code review.
 
 ## Review Process
 
+### Step 0: Load Project Context
+- Check for `CLAUDE.md` at the project root — it contains project conventions, patterns, and rules you MUST follow
+- Check `${CLAUDE_SKILL_DIR}/_config.json` for user preferences (see Configuration below)
+- Identify the tech stack from `package.json`, `pyproject.toml`, or equivalent
+
 ### Step 1: Gather Context
 - If `$ARGUMENTS` is provided, focus review on that file/directory
-- If no arguments, review staged changes: `git diff --cached` or recent changes: `git diff HEAD~1`
-- Read the files being reviewed to understand full context
+- If `$ARGUMENTS` looks like a PR number or URL, use `gh pr diff <number>` to get the changes
+- If no arguments, review staged changes: `git diff --cached`; if nothing staged, review recent changes: `git diff HEAD~1`
+- Read the full files being reviewed (not just the diff) to understand surrounding context
+- Run `git log --oneline -5 -- <file>` to understand recent change history
+- Use `git blame` on critical sections to understand authorship and intent
 
 ### Step 2: Analyze Code Quality
 Check for:
-- **Correctness**: Logic errors, edge cases, off-by-one errors, null/undefined handling
-- **Security**: Injection vulnerabilities (SQL, XSS, command), auth issues, data exposure, OWASP Top 10
-- **Performance**: N+1 queries, unnecessary iterations, memory leaks, missing indexes
-- **Maintainability**: Code complexity, naming clarity, DRY violations, function length
-- **Error Handling**: Missing try/catch, unhandled promise rejections, error propagation
-- **Type Safety**: Type mismatches, unsafe casts, missing null checks
+- **Correctness**: Logic errors, edge cases, off-by-one errors, null/undefined handling, race conditions
+- **Security**: Injection vulnerabilities (SQL, XSS, command), auth issues, data exposure, OWASP Top 10, hardcoded secrets
+- **Performance**: N+1 queries, unnecessary iterations, memory leaks, missing indexes, unintended synchronous blocking
+- **Maintainability**: Code complexity, naming clarity, DRY violations, function length (>50 lines is a warning)
+- **Error Handling**: Missing try/catch, unhandled promise rejections, error propagation, missing error boundaries
+- **Type Safety**: Type mismatches, unsafe casts, `any` usage, missing null checks
+- **Concurrency**: Race conditions, deadlocks, missing locks on shared state
 
 ### Step 3: Check Project Patterns
 - Read nearby files to understand existing patterns and conventions
-- Flag deviations from established patterns
-- Check for consistent import ordering, naming conventions, file structure
+- Cross-reference with CLAUDE.md rules if present
+- Flag deviations from established patterns (naming, imports, file structure, error handling style)
+- Check for consistent import ordering, barrel exports, naming conventions
 
 ### Step 4: Verify Test Coverage
 - Check if changed code has corresponding tests
-- Run relevant test suites to verify they pass
+- Run relevant test suites to verify they pass: `npm test`, `npx vitest run`, or `npx jest`
 - Flag changed logic that lacks test coverage
+- Check for missing edge-case tests on new logic
 
 ### Step 5: Generate Report
 Structure your review as:
@@ -59,12 +70,23 @@ Structure your review as:
 ### Positive Highlights
 - What was done well
 
+### Test Coverage
+- Coverage status for changed code
+- Missing test scenarios
+
 ### Overall Assessment
 Brief summary with confidence level (approve/request changes/needs discussion)
 ```
 
+### Step 6: Offer Follow-up Actions
+After the report, suggest relevant next steps:
+- "Run `/genskills:test-generator` to add missing tests for uncovered code"
+- "Run `/genskills:security-audit` for a deeper security analysis" (if security issues found)
+- "Run `/genskills:refactor` on [file] to address complexity warnings"
+
 ## Configuration
 Check `${CLAUDE_SKILL_DIR}/_config.json` for user preferences:
 - `defaultMode`: "quick" | "deep" | "security-focused"
 - `languages`: string[] — focus languages
 - `ignorePaths`: string[] — paths to skip
+- `autoFix`: boolean — if true, apply simple fixes directly with Edit tool

package/skills/code-quality/dependency-audit/SKILL.md

@@ -5,9 +5,9 @@ description: >
   license conflicts, and bundle size impact. Triggers on: "check dependencies",
   "audit packages", "unused deps", "dependency audit", "outdated packages".
 user-invocable: true
-argument-hint: "[scope: all|unused|outdated|licenses|size]"
-allowed-tools: "Read, Grep, Glob, Bash(npm *), Bash(npx *), Bash(pip *), Bash(yarn *), Bash(pnpm *)"
-genskills-version: "1.0.1"
+argument-hint: "[scope: all|unused|outdated|licenses|size|security]"
+allowed-tools: "Read, Grep, Glob, Bash(npm outdated*), Bash(npm audit*), Bash(npm ls*), Bash(npm uninstall*), Bash(npx *), Bash(pip list*), Bash(pip audit*), Bash(yarn outdated*), Bash(pnpm outdated*), Bash(pnpm ls*)"
+genskills-version: "1.1.0"
 genskills-category: "code-quality"
 genskills-depends: []
 ---
@@ -18,9 +18,14 @@ Comprehensive dependency analysis and cleanup.
 
 ## Process
 
+### Step 0: Load Project Context
+- Check for `CLAUDE.md` at the project root — follow any dependency policies documented there
+- Check `${CLAUDE_SKILL_DIR}/_config.json` for user preferences (see Configuration below)
+
 ### Step 1: Detect Package Manager
-- Check for `package-lock.json` (npm), `yarn.lock` (yarn), `pnpm-lock.yaml` (pnpm), `requirements.txt` / `pyproject.toml` (Python)
+- Check for `package-lock.json` (npm), `yarn.lock` (yarn), `pnpm-lock.yaml` (pnpm), `bun.lockb` (bun), `requirements.txt` / `pyproject.toml` / `poetry.lock` (Python)
 - Read the lock file metadata to understand dependency tree depth
+- Check for monorepo setup (multiple package.json files)
 
 ### Step 2: Run Audits Based on Scope
 If `$ARGUMENTS` specifies a scope, focus on that. Otherwise run all checks.
@@ -28,59 +33,81 @@ If `$ARGUMENTS` specifies a scope, focus on that. Otherwise run all checks.
 **Unused Dependencies**:
 - Cross-reference `dependencies` in package.json with actual imports across codebase
 - Use Grep to find `import ... from '<pkg>'` or `require('<pkg>')` patterns
+- Also check for dynamic imports: `import('<pkg>')`, `require.resolve('<pkg>')`
 - Flag packages in dependencies that have zero imports
-- Check for packages only used in config files (babel, eslint plugins, etc.) — these are NOT unused
+- **Do NOT flag** packages only used in config files (babel plugins, eslint plugins, postcss plugins, etc.)
+- **Do NOT flag** packages used as CLI tools in scripts (package.json scripts section)
+- **Do NOT flag** `@types/*` packages — check if the corresponding package is used instead
 
 **Outdated Packages**:
 - Run `npm outdated` or equivalent
-- Categorize: patch updates, minor updates, major updates
-- Flag major updates that may have breaking changes
+- Categorize: patch updates (safe), minor updates (usually safe), major updates (breaking changes likely)
+- For major updates, note the breaking changes if identifiable
 
 **Security Vulnerabilities**:
 - Run `npm audit` / `pip audit`
 - Categorize by severity (critical, high, moderate, low)
-- Suggest fix commands where available
+- Suggest specific fix commands where available
+- Distinguish between production and dev dependency vulnerabilities
 
 **Duplicate Packages**:
-- Check for multiple versions of the same package in lock file
+- Run `npm ls --all` and check for multiple versions of the same package
 - Identify which top-level deps pull in conflicting versions
+- Suggest resolutions or overrides to deduplicate
 
 **License Compliance**:
 - Extract license field from each dependency's package.json
-- Flag copyleft licenses (GPL, AGPL) that may conflict with project license
-- Flag packages with no license specified
+- Flag copyleft licenses (GPL, AGPL, SSPL) that may conflict with project license
+- Flag packages with no license specified or "UNLICENSED"
+- Note: devDependencies have less restrictive license requirements
 
 **Bundle Size Impact**:
 - Identify heaviest dependencies by install size
-- Suggest lighter alternatives where available (e.g., moment → dayjs, lodash → lodash-es)
+- Suggest lighter alternatives where available:
+  - `moment` → `dayjs` or `date-fns`
+  - `lodash` → `lodash-es` or native methods
+  - `axios` → native `fetch`
+  - `uuid` → `crypto.randomUUID()`
 
 ### Step 3: Generate Report
 ```
 ## Dependency Audit Report
 
 ### Security Vulnerabilities
-- [severity] package@version — description
+- [severity] package@version — description — fix: `npm audit fix` or specific command
 
 ### Unused Dependencies (safe to remove)
-- package — no imports found
+- package — no imports found — `npm uninstall package`
 
-### Outdated (major)
+### Outdated (major — breaking changes)
 - package: current → latest (breaking changes: ...)
 
-### Outdated (minor/patch)
+### Outdated (minor/patch — safe to update)
 - package: current → latest
 
 ### Duplicates
-- package: v1 (via dep-a), v2 (via dep-b)
+- package: v1 (via dep-a), v2 (via dep-b) — resolution strategy
 
 ### License Concerns
-- package — license type
+- package — license type — risk level
 
 ### Bundle Size Opportunities
-- package (size) → suggested alternative (size)
+- package (size) → suggested alternative (size) — estimated savings
 
-### Recommended Actions
-1. Run: npm uninstall <unused>
-2. Run: npm update <safe-updates>
+### Recommended Actions (copy-paste ready)
+1. `npm uninstall <unused packages>`
+2. `npm update` (safe minor/patch updates)
 3. Review: <major-updates> for breaking changes
+4. `npm audit fix` (security fixes)
 ```
+
+### Step 4: Follow-up
+- Suggest running `/genskills:security-audit` if critical vulnerabilities found
+- Suggest running `/genskills:migrate` for major version upgrades
+
+## Configuration
+Check `${CLAUDE_SKILL_DIR}/_config.json` for user preferences:
+- `scope`: "all" | "unused" | "outdated" | "licenses" | "size" | "security" — default audit scope
+- `ignorePaths`: string[] — paths to skip when checking imports
+- `ignorePackages`: string[] — packages to skip in unused check
+- `licenseAllowlist`: string[] — allowed license types (default: MIT, ISC, BSD, Apache-2.0)

package/skills/code-quality/error-boundary/SKILL.md

@@ -7,8 +7,8 @@ description: >
   "error boundaries", "unhandled exceptions", "missing error handling".
 user-invocable: true
 argument-hint: "[file or directory path]"
-allowed-tools: "Read, Edit, Grep, Glob"
-genskills-version: "1.0.1"
+allowed-tools: "Read, Write, Edit, Grep, Glob, Bash(npm test*), Bash(npm run*), Bash(npx *)"
+genskills-version: "1.1.0"
 genskills-category: "code-quality"
 genskills-depends: []
 ---
@@ -19,45 +19,60 @@ Find and fix unhandled error surfaces across the codebase.
 
 ## Process
 
+### Step 0: Load Project Context
+- Check for `CLAUDE.md` at the project root — follow any error handling conventions documented there
+- Check `${CLAUDE_SKILL_DIR}/_config.json` for user preferences (see Configuration below)
+- Identify the framework to know which error patterns to check (React, Next.js, Express, Remix, SvelteKit, FastAPI, etc.)
+
 ### Step 1: Scope the Analysis
 - If `$ARGUMENTS` provided, focus on that file/directory
 - Otherwise, scan `src/` or project root
+- Prioritize: API routes → data-fetching → UI components → utilities
 
 ### Step 2: Detect Error Surfaces by Category
 
 **Unhandled Promises**:
-- Find `async` functions without try/catch
+- Find `async` functions without try/catch wrapping their await calls
 - Find `.then()` chains without `.catch()`
 - Find `await` calls not wrapped in try/catch
 - Find Promise constructors without reject handling
+- Find `Promise.all`/`Promise.allSettled` without error handling
+- Check for missing `unhandledRejection` process handler in Node.js entry points
 
-**Missing React Error Boundaries**:
-- Check if any ErrorBoundary component exists
+**Missing React/Framework Error Boundaries**:
+- Check if any ErrorBoundary component exists in the project
 - Find route-level components without error boundary wrapping
 - Check for `useEffect` with async operations lacking error handling
-- Find data-fetching hooks/components without error states
+- Find data-fetching hooks/components without error states (loading/error/data pattern)
+- **Next.js**: Check for `error.tsx` files in app directory routes
+- **Remix**: Check for `ErrorBoundary` exports in route modules
+- **SvelteKit**: Check for `+error.svelte` files
 
 **API Route Handlers**:
-- Find Express/Next.js/FastAPI route handlers
+- Find Express/Next.js/FastAPI/NestJS route handlers
 - Check each for try/catch wrapping
-- Verify error responses return appropriate status codes
+- Verify error responses return appropriate status codes (not 200 for errors)
 - Check for unvalidated request body/params usage
+- Check for missing global error middleware (Express `app.use((err, req, res, next)`)
+- Check for missing input validation (zod, joi, class-validator, etc.)
 
 **Database Operations**:
-- Find database calls (Prisma, Sequelize, raw SQL, etc.)
-- Check for transaction error handling
+- Find database calls (Prisma, Drizzle, Sequelize, raw SQL, etc.)
+- Check for transaction error handling and rollback
 - Verify connection error handling
+- Check for missing `.catch()` on query builders
 
 **File System / External Calls**:
 - Find fs operations without error handling
 - Find HTTP client calls (fetch, axios) without catch
 - Find child_process/exec calls without error handling
+- Find stream operations without error event listeners
 
 ### Step 3: Classify Severity
-- **Critical**: Unhandled errors that would crash the process or leave broken state
-- **High**: Missing error handling on user-facing paths
-- **Medium**: Internal operations that silently fail
-- **Low**: Edge cases unlikely to occur
+- **Critical**: Unhandled errors that would crash the process, corrupt data, or leave broken state
+- **High**: Missing error handling on user-facing paths that would show raw errors
+- **Medium**: Internal operations that silently fail or lose data
+- **Low**: Edge cases unlikely to occur in normal operation
 
 ### Step 4: Generate Report with Fixes
 ```
@@ -70,12 +85,29 @@ Find and fix unhandled error surfaces across the codebase.
 ### High — User-Facing Error Gaps
 - [file:line] No ErrorBoundary around <Dashboard /> route
   → Add ErrorBoundary with fallback UI
+- [file:line] Missing error.tsx in app/dashboard/
+  → Create error.tsx with user-friendly error UI
 
 ### Medium — Silent Failures
 - [file:line] fetch() in useEffect without .catch()
   → Add error state and catch handler
 
+### Low — Edge Cases
+- [file:line] fs.readFile without error callback
+  → Add error handling
+
 ### Summary
 - X critical, Y high, Z medium, W low issues found
-- Estimated effort: ...
+- Estimated effort per severity level
+
+### Follow-up
+- Run `/genskills:test-generator` to add tests for error paths
+- Run `/genskills:security-audit` to check if error messages leak sensitive info
 ```
+
+## Configuration
+Check `${CLAUDE_SKILL_DIR}/_config.json` for user preferences:
+- `framework`: string — override auto-detected framework
+- `autoFix`: boolean — automatically apply fixes for critical issues (default: false)
+- `ignorePaths`: string[] — paths to skip
+- `minSeverity`: "low" | "medium" | "high" | "critical" — minimum severity to report

package/skills/code-quality/lint-fix/SKILL.md

@@ -6,8 +6,8 @@ description: >
   "format code", "fix formatting", "fix style issues".
 user-invocable: true
 argument-hint: "[file or directory]"
-allowed-tools: "Read, Edit, Bash(npx eslint*), Bash(npx prettier*), Bash(ruff*), Bash(black*), Glob"
-genskills-version: "1.0.0"
+allowed-tools: "Read, Edit, Grep, Glob, Bash(npx eslint*), Bash(npx prettier*), Bash(npm run*), Bash(ruff*), Bash(black*), Bash(isort*)"
+genskills-version: "1.1.0"
 genskills-category: "code-quality"
 genskills-depends: []
 ---
@@ -18,27 +18,62 @@ Detect and fix linting and formatting issues.
 
 ## Process
 
+### Step 0: Load Project Context
+- Check for `CLAUDE.md` at the project root — follow any linting conventions documented there
+- Check `${CLAUDE_SKILL_DIR}/_config.json` for user preferences (see Configuration below)
+- Check `package.json` for custom lint scripts (`lint`, `lint:fix`, `format`)
+
 ### Step 1: Detect Linting Tools
-Check the project for:
-- `eslint.config.*` or `.eslintrc.*` → ESLint
+Check the project for (in order of priority):
+- `eslint.config.*` or `.eslintrc.*` → ESLint (check version: flat config vs legacy)
 - `.prettierrc*` or `prettier` in package.json → Prettier
+- `biome.json` or `biome.jsonc` → Biome
 - `ruff.toml` or `[tool.ruff]` in pyproject.toml → Ruff
 - `pyproject.toml [tool.black]` → Black
+- `pyproject.toml [tool.isort]` → isort
 - `.editorconfig` → EditorConfig settings
+- Custom lint scripts in `package.json` (prefer these over direct tool invocation)
 
 ### Step 2: Run Linters
 - If `$ARGUMENTS` specified, lint only that file/directory
-- Otherwise lint the full project
-- Run the detected linter with `--fix` flag
+- Otherwise, lint the full project
+- **Prefer project scripts first**: `npm run lint:fix` or `npm run format` if they exist
+- Fall back to direct tool invocation with `--fix` flag
 - Capture and report results
+- Run formatters AFTER linters (formatter output is canonical)
 
 ### Step 3: Fix Remaining Issues
 For issues that auto-fix can't resolve:
 - Read the flagged files
 - Apply manual fixes following the project's lint rules
-- Common fixes: unused imports, missing semicolons, incorrect spacing, naming conventions
+- Common fixes: unused imports, missing semicolons, incorrect spacing, naming conventions, import ordering
+- Do NOT disable lint rules with comments unless the rule is genuinely wrong for that line
+
+### Step 4: Re-run and Verify
+- Run the linter again to confirm all issues are resolved
+- If issues remain, report them clearly
+
+### Step 5: Report
+```
+## Lint Fix Report
+
+### Auto-fixed
+- N issues fixed by linter auto-fix
+
+### Manually Fixed
+- [file:line] Description of manual fix
+
+### Remaining (requires manual attention)
+- [file:line] Rule: description (reason it can't be auto-fixed)
+
+### Summary
+- Total issues found: N
+- Fixed: N (auto: N, manual: N)
+- Remaining: N
+```
 
-### Step 4: Report
-- List all fixed issues
-- List any remaining issues that need manual attention
-- Show the total count: fixed vs remaining
+## Configuration
+Check `${CLAUDE_SKILL_DIR}/_config.json` for user preferences:
+- `preferScript`: boolean — prefer `npm run lint:fix` over direct tool invocation (default: true)
+- `ignorePaths`: string[] — paths to skip
+- `formatOnFix`: boolean — also run formatter after linting (default: true)