mindforge-cc 11.5.1 → 11.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (170) hide show
  1. package/.agent/mindforge/skill-tdd.md +53 -0
  2. package/.agent/mindforge/skills-index.md +118 -0
  3. package/.agent/mindforge/systematic-debug.md +60 -0
  4. package/.agent/skills/1password-skill/SKILL.md +156 -0
  5. package/.agent/skills/1password-skill/references/cli-examples.md +31 -0
  6. package/.agent/skills/1password-skill/references/get-started.md +21 -0
  7. package/.agent/skills/article-illustrator/SKILL.md +199 -0
  8. package/.agent/skills/article-illustrator/references/prompt-construction.md +426 -0
  9. package/.agent/skills/article-illustrator/references/style-presets.md +80 -0
  10. package/.agent/skills/article-illustrator/references/styles.md +224 -0
  11. package/.agent/skills/article-illustrator/references/usage.md +50 -0
  12. package/.agent/skills/article-illustrator/references/workflow.md +332 -0
  13. package/.agent/skills/arxiv/SKILL.md +275 -0
  14. package/.agent/skills/blogwatcher/SKILL.md +130 -0
  15. package/.agent/skills/code-wiki/SKILL.md +438 -0
  16. package/.agent/skills/code-wiki/templates/README.md +31 -0
  17. package/.agent/skills/code-wiki/templates/architecture.md +30 -0
  18. package/.agent/skills/code-wiki/templates/getting-started.md +47 -0
  19. package/.agent/skills/code-wiki/templates/module.md +38 -0
  20. package/.agent/skills/codebase-inspection/SKILL.md +109 -0
  21. package/.agent/skills/comic-creator/SKILL.md +240 -0
  22. package/.agent/skills/comic-creator/references/analysis-framework.md +176 -0
  23. package/.agent/skills/comic-creator/references/auto-selection.md +71 -0
  24. package/.agent/skills/comic-creator/references/base-prompt.md +98 -0
  25. package/.agent/skills/comic-creator/references/character-template.md +180 -0
  26. package/.agent/skills/comic-creator/references/ohmsha-guide.md +85 -0
  27. package/.agent/skills/comic-creator/references/partial-workflows.md +106 -0
  28. package/.agent/skills/comic-creator/references/storyboard-template.md +143 -0
  29. package/.agent/skills/comic-creator/references/workflow.md +401 -0
  30. package/.agent/skills/concept-diagrams/SKILL.md +355 -0
  31. package/.agent/skills/concept-diagrams/references/dashboard-patterns.md +43 -0
  32. package/.agent/skills/concept-diagrams/references/infrastructure-patterns.md +144 -0
  33. package/.agent/skills/concept-diagrams/references/physical-shape-cookbook.md +42 -0
  34. package/.agent/skills/creative-ideation/SKILL.md +144 -0
  35. package/.agent/skills/creative-ideation/references/full-prompt-library.md +110 -0
  36. package/.agent/skills/devops-cli/SKILL.md +149 -0
  37. package/.agent/skills/devops-cli/references/app-discovery.md +112 -0
  38. package/.agent/skills/devops-cli/references/authentication.md +59 -0
  39. package/.agent/skills/devops-cli/references/cli-reference.md +104 -0
  40. package/.agent/skills/devops-cli/references/running-apps.md +171 -0
  41. package/.agent/skills/devops-watchers/SKILL.md +103 -0
  42. package/.agent/skills/docker-management/SKILL.md +273 -0
  43. package/.agent/skills/domain-intel/SKILL.md +96 -0
  44. package/.agent/skills/duckduckgo-search/SKILL.md +230 -0
  45. package/.agent/skills/github-auth/SKILL.md +240 -0
  46. package/.agent/skills/github-code-review/SKILL.md +474 -0
  47. package/.agent/skills/github-code-review/references/review-output-template.md +74 -0
  48. package/.agent/skills/github-issues/SKILL.md +363 -0
  49. package/.agent/skills/github-issues/templates/bug-report.md +35 -0
  50. package/.agent/skills/github-issues/templates/feature-request.md +31 -0
  51. package/.agent/skills/github-pr-workflow/SKILL.md +360 -0
  52. package/.agent/skills/github-pr-workflow/references/ci-troubleshooting.md +183 -0
  53. package/.agent/skills/github-pr-workflow/references/conventional-commits.md +71 -0
  54. package/.agent/skills/github-pr-workflow/templates/pr-body-bugfix.md +35 -0
  55. package/.agent/skills/github-pr-workflow/templates/pr-body-feature.md +33 -0
  56. package/.agent/skills/github-repo-management/SKILL.md +509 -0
  57. package/.agent/skills/github-repo-management/references/github-api-cheatsheet.md +161 -0
  58. package/.agent/skills/godmode/SKILL.md +396 -0
  59. package/.agent/skills/godmode/references/jailbreak-templates.md +128 -0
  60. package/.agent/skills/godmode/references/refusal-detection.md +142 -0
  61. package/.agent/skills/hyperframes/SKILL.md +182 -0
  62. package/.agent/skills/hyperframes/references/cli.md +185 -0
  63. package/.agent/skills/hyperframes/references/composition.md +129 -0
  64. package/.agent/skills/hyperframes/references/features.md +289 -0
  65. package/.agent/skills/hyperframes/references/gsap.md +136 -0
  66. package/.agent/skills/hyperframes/references/troubleshooting.md +137 -0
  67. package/.agent/skills/hyperframes/references/website-to-video.md +145 -0
  68. package/.agent/skills/jupyter-live-kernel/SKILL.md +160 -0
  69. package/.agent/skills/kanban-orchestrator/SKILL.md +209 -0
  70. package/.agent/skills/kanban-worker/SKILL.md +188 -0
  71. package/.agent/skills/llm-wiki/SKILL.md +499 -0
  72. package/.agent/skills/meme-generation/SKILL.md +122 -0
  73. package/.agent/skills/node-inspect-debugger/SKILL.md +312 -0
  74. package/.agent/skills/obsidian/SKILL.md +60 -0
  75. package/.agent/skills/osint-investigation/SKILL.md +269 -0
  76. package/.agent/skills/osint-investigation/templates/source-template.md +59 -0
  77. package/.agent/skills/oss-forensics/SKILL.md +422 -0
  78. package/.agent/skills/oss-forensics/references/evidence-types.md +89 -0
  79. package/.agent/skills/oss-forensics/references/github-archive-guide.md +184 -0
  80. package/.agent/skills/oss-forensics/references/investigation-templates.md +131 -0
  81. package/.agent/skills/oss-forensics/references/recovery-techniques.md +164 -0
  82. package/.agent/skills/oss-forensics/templates/forensic-report.md +151 -0
  83. package/.agent/skills/oss-forensics/templates/malicious-package-report.md +43 -0
  84. package/.agent/skills/parallel-cli/SKILL.md +384 -0
  85. package/.agent/skills/pinggy-tunnel/SKILL.md +302 -0
  86. package/.agent/skills/pixel-art/SKILL.md +209 -0
  87. package/.agent/skills/pixel-art/references/palettes.md +49 -0
  88. package/.agent/skills/plan/SKILL.md +331 -0
  89. package/.agent/skills/polymarket/SKILL.md +75 -0
  90. package/.agent/skills/polymarket/references/api-endpoints.md +220 -0
  91. package/.agent/skills/python-debugpy/SKILL.md +368 -0
  92. package/.agent/skills/requesting-code-review/SKILL.md +273 -0
  93. package/.agent/skills/research-paper-writing/SKILL.md +2367 -0
  94. package/.agent/skills/research-paper-writing/references/autoreason-methodology.md +394 -0
  95. package/.agent/skills/research-paper-writing/references/checklists.md +434 -0
  96. package/.agent/skills/research-paper-writing/references/citation-workflow.md +563 -0
  97. package/.agent/skills/research-paper-writing/references/experiment-patterns.md +728 -0
  98. package/.agent/skills/research-paper-writing/references/human-evaluation.md +476 -0
  99. package/.agent/skills/research-paper-writing/references/paper-types.md +481 -0
  100. package/.agent/skills/research-paper-writing/references/reviewer-guidelines.md +433 -0
  101. package/.agent/skills/research-paper-writing/references/sources.md +191 -0
  102. package/.agent/skills/research-paper-writing/references/writing-guide.md +474 -0
  103. package/.agent/skills/research-paper-writing/templates/README.md +251 -0
  104. package/.agent/skills/rest-graphql-debug/SKILL.md +507 -0
  105. package/.agent/skills/s6-container-supervision/SKILL.md +171 -0
  106. package/.agent/skills/scrapling/SKILL.md +328 -0
  107. package/.agent/skills/sherlock/SKILL.md +186 -0
  108. package/.agent/skills/simplify-code/SKILL.md +168 -0
  109. package/.agent/skills/skill-authoring/SKILL.md +158 -0
  110. package/.agent/skills/spike/SKILL.md +190 -0
  111. package/.agent/skills/subagent-driven-development/SKILL.md +345 -0
  112. package/.agent/skills/subagent-driven-development/references/context-budget-discipline.md +53 -0
  113. package/.agent/skills/subagent-driven-development/references/gates-taxonomy.md +93 -0
  114. package/.agent/skills/systematic-debugging/SKILL.md +360 -0
  115. package/.agent/skills/test-driven-development/SKILL.md +336 -0
  116. package/.agent/skills/video-orchestrator/SKILL.md +194 -0
  117. package/.agent/skills/video-orchestrator/references/examples.md +227 -0
  118. package/.agent/skills/video-orchestrator/references/intake.md +166 -0
  119. package/.agent/skills/video-orchestrator/references/kanban-setup.md +278 -0
  120. package/.agent/skills/video-orchestrator/references/monitoring.md +180 -0
  121. package/.agent/skills/video-orchestrator/references/role-archetypes.md +298 -0
  122. package/.agent/skills/video-orchestrator/references/tool-matrix.md +317 -0
  123. package/.agent/skills/web-pentest/SKILL.md +332 -0
  124. package/.agent/skills/web-pentest/references/bypass-techniques.md +133 -0
  125. package/.agent/skills/web-pentest/references/exploitation-techniques.md +204 -0
  126. package/.agent/skills/web-pentest/references/scope-enforcement.md +110 -0
  127. package/.agent/skills/web-pentest/references/vuln-taxonomy.md +81 -0
  128. package/.agent/skills/web-pentest/templates/authorization.md +69 -0
  129. package/.agent/skills/web-pentest/templates/pentest-report.md +178 -0
  130. package/.claude/commands/mindforge/skill-tdd.md +53 -0
  131. package/.claude/commands/mindforge/skills-index.md +118 -0
  132. package/.claude/commands/mindforge/systematic-debug.md +60 -0
  133. package/.mindforge/config.json +2 -2
  134. package/.mindforge/memory/sync-manifest.json +1 -1
  135. package/.mindforge/skills/arxiv/SKILL.md +294 -0
  136. package/.mindforge/skills/blogwatcher/SKILL.md +147 -0
  137. package/.mindforge/skills/code-wiki/SKILL.md +457 -0
  138. package/.mindforge/skills/codebase-inspection/SKILL.md +126 -0
  139. package/.mindforge/skills/concept-diagrams/SKILL.md +373 -0
  140. package/.mindforge/skills/creative-ideation/SKILL.md +162 -0
  141. package/.mindforge/skills/domain-intel/SKILL.md +116 -0
  142. package/.mindforge/skills/duckduckgo-search/SKILL.md +249 -0
  143. package/.mindforge/skills/github-code-review/SKILL.md +493 -0
  144. package/.mindforge/skills/github-issues/SKILL.md +382 -0
  145. package/.mindforge/skills/github-pr-workflow/SKILL.md +379 -0
  146. package/.mindforge/skills/jupyter-live-kernel/SKILL.md +179 -0
  147. package/.mindforge/skills/kanban-orchestrator/SKILL.md +227 -0
  148. package/.mindforge/skills/kanban-worker/SKILL.md +206 -0
  149. package/.mindforge/skills/meme-generation/SKILL.md +141 -0
  150. package/.mindforge/skills/obsidian/SKILL.md +80 -0
  151. package/.mindforge/skills/osint-investigation/SKILL.md +288 -0
  152. package/.mindforge/skills/oss-forensics/SKILL.md +421 -0
  153. package/.mindforge/skills/pixel-art/SKILL.md +228 -0
  154. package/.mindforge/skills/plan/SKILL.md +350 -0
  155. package/.mindforge/skills/requesting-code-review/SKILL.md +292 -0
  156. package/.mindforge/skills/research-paper-writing/SKILL.md +2384 -0
  157. package/.mindforge/skills/scrapling/SKILL.md +345 -0
  158. package/.mindforge/skills/sherlock/SKILL.md +203 -0
  159. package/.mindforge/skills/simplify-code/SKILL.md +187 -0
  160. package/.mindforge/skills/spike/SKILL.md +209 -0
  161. package/.mindforge/skills/subagent-driven-development/SKILL.md +364 -0
  162. package/.mindforge/skills/systematic-debugging/SKILL.md +379 -0
  163. package/.mindforge/skills/test-driven-development/SKILL.md +355 -0
  164. package/.mindforge/skills/web-pentest/SKILL.md +327 -0
  165. package/CHANGELOG.md +43 -0
  166. package/MINDFORGE.md +2 -2
  167. package/README.md +39 -3
  168. package/RELEASENOTES.md +55 -0
  169. package/docs/getting-started.md +42 -5
  170. package/package.json +1 -1
@@ -0,0 +1,288 @@
1
+ ---
2
+ name: osint-investigation
3
+ description: "Public-records OSINT investigation framework — SEC EDGAR filings, USAspending contracts, Senate lobbying, OFAC sanctions, ICIJ offshore leaks, NYC property records (ACRIS), OpenCorporates registries, CourtListener court records, Wayback Machine archives, Wikipedia + Wikidata, GDELT news monitoring. Entity resolution across sources, cross-link analysis, timing correlation, evidence chains. Python stdlib only."
4
+ version: 0.1.0
5
+ status: stable
6
+ min_mindforge_version: 11.5.1
7
+ triggers: OSINT investigation, public records research, entity investigation, due diligence, open source intelligence, osint research, public records lookup, investigate entity, company due diligence, background investigation, osint analysis, open source investigation
8
+ ---
9
+
10
+ # OSINT Investigation — Public Records Cross-Reference
11
+
12
+ Investigative framework for public-records OSINT: government contracts,
13
+ corporate filings, lobbying, sanctions, offshore leaks, property records,
14
+ court records, web archives, knowledge bases, and global news. Resolve
15
+ entities across heterogeneous sources, build cross-links with explicit
16
+ confidence, run statistical timing tests, and produce structured evidence
17
+ chains.
18
+
19
+ **Python stdlib only.** Zero install. Works on Linux, macOS, Windows. Most
20
+ sources work with no API key (OpenCorporates has an optional free token
21
+ that raises rate limits).
22
+
23
+ to cover identity / property / litigation / archives / news sources that
24
+ the original didn't address.
25
+
26
+ ## When to use this skill
27
+
28
+ Use when the user asks for:
29
+
30
+ - "follow the money" — government contracts, lobbying → legislation, sanctions
31
+ - corporate due diligence — who controls company X, where are they
32
+ incorporated, who serves on their boards, what filings have they made
33
+ - sanctions screening — is entity X on OFAC SDN, ICIJ offshore leaks
34
+ - pay-to-play investigation — contractors with offshore ties, lobbying
35
+ clients winning awards
36
+ - property ownership — find recorded deeds/mortgages by name or address
37
+ (NYC; for other counties point users at the relevant recorder)
38
+ - litigation history — find federal + state court opinions and PACER dockets
39
+ - multi-source entity resolution where naming varies (LLC suffixes, abbreviations)
40
+ - evidence-chain construction with explicit confidence levels
41
+ - "what's been said about X" — international news (GDELT) + Wikipedia
42
+ narrative + Wayback Machine to recover dead URLs
43
+
44
+ Do NOT use this skill for:
45
+
46
+ - general web research → `web_search` / `web_extract`
47
+ - domain/infrastructure OSINT → `domain-intel` skill
48
+ - academic literature → `arxiv` skill
49
+ - social-media profile discovery → `sherlock` skill (optional)
50
+ - US **federal** campaign finance — FEC is intentionally NOT covered here
51
+ (the API is unreliable for ad-hoc contributor-name queries on the free
52
+ DEMO_KEY tier). For federal donations, point users at
53
+ https://www.fec.gov/data/ directly.
54
+
55
+ ## Workflow
56
+
57
+ The agent runs scripts via the `terminal` tool. `SKILL_DIR` is the directory
58
+ holding this SKILL.md.
59
+
60
+ ### 1. Identify which sources apply
61
+
62
+ Read the data-source wiki entries to plan the investigation:
63
+
64
+ ```
65
+ ls SKILL_DIR/references/sources/
66
+
67
+ # Federal financial / regulatory
68
+ cat SKILL_DIR/references/sources/sec-edgar.md # corporate filings
69
+ cat SKILL_DIR/references/sources/usaspending.md # federal contracts
70
+ cat SKILL_DIR/references/sources/senate-ld.md # lobbying
71
+ cat SKILL_DIR/references/sources/ofac-sdn.md # sanctions
72
+ cat SKILL_DIR/references/sources/icij-offshore.md # offshore leaks
73
+
74
+ # Identity / property / litigation / archives / news
75
+ cat SKILL_DIR/references/sources/nyc-acris.md # NYC property records
76
+ cat SKILL_DIR/references/sources/opencorporates.md # global corporate registry
77
+ cat SKILL_DIR/references/sources/courtlistener.md # court records (federal + state)
78
+ cat SKILL_DIR/references/sources/wayback.md # Wayback Machine archives
79
+ cat SKILL_DIR/references/sources/wikipedia.md # Wikipedia + Wikidata
80
+ cat SKILL_DIR/references/sources/gdelt.md # global news monitoring
81
+ ```
82
+
83
+ Each entry follows a 9-section template: summary, access, schema, coverage,
84
+ cross-reference keys, data quality, acquisition, legal, references.
85
+
86
+ The **cross-reference potential** section maps join keys between sources — read
87
+ those first to pick the right pair.
88
+
89
+ ### 2. Acquire data
90
+
91
+ Each source has a stdlib-only fetch script in `SKILL_DIR/scripts/`:
92
+
93
+ **Federal financial / regulatory**
94
+
95
+ ```bash
96
+ # SEC EDGAR filings (corporate disclosures)
97
+ python3 SKILL_DIR/scripts/fetch_sec_edgar.py --cik 0000320193 \
98
+ --types 10-K,10-Q --out data/edgar_filings.csv
99
+
100
+ # USAspending federal contracts
101
+ python3 SKILL_DIR/scripts/fetch_usaspending.py --recipient "EXAMPLE CORP" \
102
+ --fy 2024 --out data/contracts.csv
103
+
104
+ # Senate LD-1 / LD-2 lobbying disclosures
105
+ python3 SKILL_DIR/scripts/fetch_senate_ld.py --client "EXAMPLE CORP" \
106
+ --year 2024 --out data/lobbying.csv
107
+
108
+ # OFAC SDN sanctions list (full snapshot)
109
+ python3 SKILL_DIR/scripts/fetch_ofac_sdn.py --out data/ofac_sdn.csv
110
+
111
+ # ICIJ Offshore Leaks — downloads ~70 MB bulk CSV on first use,
112
+ # then searches it locally. Cached for 30 days under
113
+ # $HERMES_OSINT_CACHE/icij/ (default: ~/.cache/hermes-osint/icij/).
114
+ python3 SKILL_DIR/scripts/fetch_icij_offshore.py --entity "EXAMPLE CORP" \
115
+ --out data/icij.csv
116
+ ```
117
+
118
+ **Identity / property / litigation / archives / news**
119
+
120
+ ```bash
121
+ # NYC property records (deeds, mortgages, liens) — ACRIS via Socrata
122
+ python3 SKILL_DIR/scripts/fetch_nyc_acris.py --name "SMITH, JOHN" \
123
+ --out data/acris.csv
124
+ python3 SKILL_DIR/scripts/fetch_nyc_acris.py --address "571 HUDSON" \
125
+ --out data/acris_addr.csv
126
+
127
+ # OpenCorporates — 130+ jurisdiction corporate registry
128
+ # (free token required; set OPENCORPORATES_API_TOKEN or pass --token)
129
+ python3 SKILL_DIR/scripts/fetch_opencorporates.py --query "Example Corp" \
130
+ --jurisdiction us_ny --out data/opencorporates.csv
131
+
132
+ # CourtListener — federal + state court opinions, PACER dockets
133
+ python3 SKILL_DIR/scripts/fetch_courtlistener.py --query "Smith v. Example Corp" \
134
+ --type opinions --out data/courts.csv
135
+
136
+ # Wayback Machine — historical web captures
137
+ python3 SKILL_DIR/scripts/fetch_wayback.py --url "example.com" \
138
+ --match host --collapse digest --out data/wayback.csv
139
+
140
+ # Wikipedia + Wikidata — narrative bio + structured facts
141
+ # Set HERMES_OSINT_UA=your-app/1.0 (your@email) to identify yourself
142
+ python3 SKILL_DIR/scripts/fetch_wikipedia.py --query "Bill Gates" \
143
+ --out data/wp.csv
144
+
145
+ # GDELT — global news in 100+ languages, ~2015→present
146
+ python3 SKILL_DIR/scripts/fetch_gdelt.py --query '"Example Corp"' \
147
+ --timespan 1y --out data/gdelt.csv
148
+ ```
149
+
150
+ All outputs are normalized CSV with a header row. Re-run scripts idempotently.
151
+
152
+ When a private individual won't be in a source (e.g. SEC EDGAR for a non-public-
153
+ company person, USAspending for someone who isn't a federal contractor, Senate
154
+ LDA for someone who isn't a lobbying client), the script returns 0 rows with a
155
+ clear warning rather than silently writing an empty CSV. EDGAR specifically
156
+ flags when the company-name resolver matched an individual Form 3/4/5 filer
157
+ rather than a corporate registrant.
158
+
159
+ Rate-limit notes are in each source's wiki entry. Default fetchers sleep
160
+ politely between paginated requests. **API keys raise rate limits** for
161
+ sources that support them (`SEC_USER_AGENT`, `SENATE_LDA_TOKEN`,
162
+ `OPENCORPORATES_API_TOKEN`, `COURTLISTENER_TOKEN`). All scripts surface
163
+ 429 responses immediately with the upstream's quota message so the user
164
+ knows to slow down or supply a key.
165
+
166
+ ### 3. Resolve entities across sources
167
+
168
+ Normalize names and find matches between two CSV files:
169
+
170
+ ```bash
171
+ # Match lobbying clients (Senate LDA) against contract recipients (USAspending)
172
+ python3 SKILL_DIR/scripts/entity_resolution.py \
173
+ --left data/lobbying.csv --left-name-col client_name \
174
+ --right data/contracts.csv --right-name-col recipient_name \
175
+ --out data/cross_links.csv
176
+ ```
177
+
178
+ Three matching tiers with explicit confidence:
179
+
180
+ | Tier | Method | Confidence |
181
+ |------|--------|------------|
182
+ | `exact` | Normalized strings equal after suffix/punctuation strip | high |
183
+ | `fuzzy` | Sorted-token equality (word-bag match) | medium |
184
+ | `token_overlap` | ≥60% token overlap, ≥2 shared tokens, tokens ≥4 chars | low |
185
+
186
+ Output `cross_links.csv` columns: `match_type, confidence, left_name,
187
+ right_name, left_normalized, right_normalized, left_row, right_row`.
188
+
189
+ ### 4. Statistical timing correlation (optional)
190
+
191
+ Test whether two time series cluster suspiciously close together — e.g.
192
+ lobbying filings near contract awards — using a permutation test:
193
+
194
+ ```bash
195
+ python3 SKILL_DIR/scripts/timing_analysis.py \
196
+ --donations data/lobbying.csv --donation-date-col filing_date \
197
+ --donation-amount-col income --donation-donor-col client_name \
198
+ --donation-recipient-col registrant_name \
199
+ --contracts data/contracts.csv --contract-date-col award_date \
200
+ --contract-vendor-col recipient_name \
201
+ --cross-links data/cross_links.csv \
202
+ --permutations 1000 \
203
+ --out data/timing.json
204
+ ```
205
+
206
+ The script's column flags are intentionally generic — the original tool was
207
+ written for donations vs awards, but it works for any (event, payee) time
208
+ series joined through cross-links. Null hypothesis: event timing is
209
+ independent of award dates. One-tailed p-value = fraction of permutations
210
+ with mean nearest-award distance ≤ observed. Minimum 3 events per (payer,
211
+ vendor) pair to run the test.
212
+
213
+ ### 5. Build the findings JSON (evidence chain)
214
+
215
+ ```bash
216
+ python3 SKILL_DIR/scripts/build_findings.py \
217
+ --cross-links data/cross_links.csv \
218
+ --timing data/timing.json \
219
+ --out data/findings.json
220
+ ```
221
+
222
+ Every finding has `id, title, severity, confidence, summary, evidence[], sources[]`.
223
+ Each evidence item points back to a specific row in a source CSV. The user (or a
224
+ follow-up agent) can verify every claim against its source.
225
+
226
+ ## Confidence and evidence discipline
227
+
228
+ This is the load-bearing rule of the skill. Tell the user:
229
+
230
+ - Every claim must trace to a record. No naked assertions.
231
+ - Confidence tier travels with the claim. `match_type=fuzzy` is "probable",
232
+ not "confirmed."
233
+ - Entity resolution produces candidates, NOT conclusions. A `fuzzy` match
234
+ between "ACME LLC" and "Acme Holdings Group" is a lead, not a fact.
235
+ - Statistical significance ≠ wrongdoing. p < 0.05 means the timing pattern
236
+ is unlikely under the null. It does not establish corruption.
237
+ - All data sources here are public records. They may still contain
238
+ inaccuracies, stale info, or redactions (GDPR, sealed records).
239
+
240
+ ## Adding a new data source
241
+
242
+ Use the template:
243
+
244
+ ```bash
245
+ cp SKILL_DIR/templates/source-template.md \
246
+ SKILL_DIR/references/sources/<your-source>.md
247
+ ```
248
+
249
+ Fill in all 9 sections. Write a `fetch_<source>.py` script in `scripts/` that
250
+ uses stdlib only and writes a normalized CSV. Update the source list in the
251
+ "When to use" section above.
252
+
253
+ ## Tools and their limits
254
+
255
+ - `entity_resolution.py` does NOT use external fuzzy libraries (no rapidfuzz,
256
+ no jellyfish). Token-bag matching is the upper bound here. If you need
257
+ Levenshtein, transliteration, or phonetic matching, pip-install separately.
258
+ - `timing_analysis.py` uses Python's `random` for permutations. For
259
+ reproducibility, pass `--seed N`.
260
+ - `fetch_*.py` scripts use `urllib.request` and respect `Retry-After`. Heavy
261
+ bulk usage may still violate ToS — read each source's legal section first.
262
+
263
+ ## Legal note
264
+
265
+ All Phase-1 sources are public records. Bulk acquisition is permitted under
266
+ their respective access terms (FOIA, public records law, ICIJ explicit
267
+ publication, OFAC public data). However:
268
+
269
+ - Some sources rate-limit aggressively. Respect their headers.
270
+ - Some redact registrant info (GDPR on WHOIS, sealed filings).
271
+ - Cross-referencing public records to identify private individuals can have
272
+ ethical implications. The skill produces evidence chains, not accusations.
273
+
274
+ ## Mandatory actions when this skill is active
275
+
276
+ Before applying this skill:
277
+ - [ ] Read the task requirements fully before acting
278
+ - [ ] Confirm you understand the goal and constraints
279
+ - [ ] Check for existing work or prior context in the codebase
280
+
281
+ While working:
282
+ - [ ] Follow the methodology described above step by step
283
+ - [ ] Document any decisions or findings as you go
284
+
285
+ After completing:
286
+ - [ ] Self-check: does the output satisfy the original requirement?
287
+ - [ ] Verify no regressions or unintended side effects
288
+