github-manage-security-alerts-skill 1.0.1 → 1.0.2

package/CONTRIBUTING.md

@@ -22,8 +22,8 @@ python -m venv .venv
 From repo root, run:
 
 ```powershell
-python -m compileall ".github/skills/github-manage-security-alerts/scripts"
-python ".github/skills/github-manage-security-alerts/scripts/manage_github_security_alerts.py" --help
+python -m compileall "scripts"
+python "scripts/manage_github_security_alerts.py" --help
 ```
 
 If you touched command behavior, include example command invocations and expected output snippets in your PR description.

package/README.md

@@ -2,7 +2,7 @@
 
 [![latest GitHub release.](https://flat.badgen.net/github/release/Nick2bad4u/Github-Security-CodeScanning-Alerts-Skill?color=cyan)](https://github.com/Nick2bad4u/Github-Security-CodeScanning-Alerts-Skill/releases) [![GitHub stars.](https://flat.badgen.net/github/stars/Nick2bad4u/Github-Security-CodeScanning-Alerts-Skill?color=yellow)](https://github.com/Nick2bad4u/Github-Security-CodeScanning-Alerts-Skill/stargazers) [![GitHub forks.](https://flat.badgen.net/github/forks/Nick2bad4u/Github-Security-CodeScanning-Alerts-Skill?color=green)](https://github.com/Nick2bad4u/Github-Security-CodeScanning-Alerts-Skill/forks) [![GitHub open issues.](https://flat.badgen.net/github/open-issues/Nick2bad4u/Github-Security-CodeScanning-Alerts-Skill?color=red)](https://github.com/Nick2bad4u/Github-Security-CodeScanning-Alerts-Skill/issues) [![GitHub PRs.](https://flat.badgen.net/github/open-prs/Nick2bad4u/Github-Security-CodeScanning-Alerts-Skill?color=orange)](https://github.com/Nick2bad4u/Github-Security-CodeScanning-Alerts-Skill/pulls?q=sort%3Aupdated-desc+is%3Apr+is%3Aopen) [![GitHub license](https://flat.badgen.net/github/license/Nick2bad4u/Github-Security-CodeScanning-Alerts-Skill?color=purple)](https://github.com/Nick2bad4u/Github-Security-CodeScanning-Alerts-Skill/blob/main/LICENSE) [![GitHub Dependabot](https://flat.badgen.net/github/dependabot/Nick2bad4u/Github-Security-CodeScanning-Alerts-Skill?color=blue)](https://github.com/Nick2bad4u/Github-Security-CodeScanning-Alerts-Skill/network/updates)
 
-A Copilot / AI skill for inspecting and managing GitHub repository security alerts across:
+An open-agent skill for inspecting and managing GitHub repository security alerts across:
 
 - code scanning
 - Dependabot
@@ -60,39 +60,36 @@ CHANGELOG.md
 
 ---
 
-## Publishing
+## Agent compatibility
 
-The skill is packaged for GitHub releases and npm as `github-manage-security-alerts-skill`.
+This is a root `SKILL.md` package. `npx skills` can install it directly from GitHub, and `npx skills experimental_sync` can discover it from `node_modules` because the npm package ships `SKILL.md` at the package root.
 
-For the first npm publish, publish locally once so the package exists:
+Use `--agent universal` for agents that consume the shared `.agents/skills` layout. Use `--agent "*"` only when you intentionally want to install to every supported agent directory.
 
 ```powershell
-npm run release:verify
-npm publish
+npx skills add Nick2bad4u/Github-Security-CodeScanning-Alerts-Skill -g --agent universal -y
+npx skills add Nick2bad4u/Github-Security-CodeScanning-Alerts-Skill -g --agent "*" -y
+npm install --save-dev github-manage-security-alerts-skill
+npx skills experimental_sync --agent universal -y
 ```
 
-Then configure npm trusted publishing for staged publishing:
+OpenAI-specific display metadata lives in `agents/openai.yaml`. The portable skill contract is `SKILL.md` plus the referenced `assets/` and `scripts/` files.
 
-- Organization or user: `Nick2bad4u`
-- Repository: `Github-Security-CodeScanning-Alerts-Skill`
-- Workflow filename: `release-skill.yml`
-- Allowed action: `npm stage publish`
-
-CLI equivalent:
+---
 
-```powershell
-npm trust github "github-manage-security-alerts-skill" --repo "Nick2bad4u/Github-Security-CodeScanning-Alerts-Skill" --file "release-skill.yml" --allow-stage-publish
-```
+## Publishing
 
-After that, create releases from GitHub Actions by pushing a `vX.Y.Z` tag or running the `Release Skill Bundle` workflow manually with an explicit version. The workflow uses npm OIDC trusted publishing to stage the package and does not require an npm automation token.
+The skill is packaged for GitHub releases and npm as `github-manage-security-alerts-skill`.
 
-Approve the staged package after reviewing it:
+Verify the package locally before publishing:
 
 ```powershell
-npm stage list "github-manage-security-alerts-skill"
-npm stage approve "<stage-id>"
+npm run release:verify
+npm publish --access public --provenance
 ```
 
+GitHub Actions publishes with npm OIDC trusted publishing using `npm publish --access public --provenance`. Configure the npm package trusted publisher for repository `Nick2bad4u/Github-Security-CodeScanning-Alerts-Skill` and workflow `.github/workflows/release-skill.yml`. The workflow intentionally does not use `npm stage` commands.
+
 ---
 
 ## Quick start

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "github-manage-security-alerts-skill",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "private": false,
   "description": "Codex skill for inspecting and triaging GitHub security alerts.",
   "license": "Unlicense",
@@ -15,12 +15,21 @@
   "homepage": "https://github.com/Nick2bad4u/Github-Security-CodeScanning-Alerts-Skill#readme",
   "keywords": [
     "agent-skill",
+    "agent-skills",
+    "ai-agent",
+    "claude-code",
     "code-scanning",
     "codex",
+    "cursor",
     "dependabot",
+    "gemini-cli",
     "github-security",
+    "github-copilot",
     "openai",
-    "secret-scanning"
+    "opencode",
+    "secret-scanning",
+    "universal",
+    "zed"
   ],
   "files": [
     "SKILL.md",