opencode-skills-collection 3.0.4 → 3.0.5

package/bundled-skills/.antigravity-install-manifest.json

@@ -1,6 +1,6 @@
 {
   "schemaVersion": 1,
-  "updatedAt": "2026-05-04T01:45:30.378Z",
+  "updatedAt": "2026-05-05T01:45:37.168Z",
   "entries": [
     "00-andruia-consultant",
     "007",
@@ -1021,6 +1021,7 @@
     "product-manager",
     "product-manager-toolkit",
     "product-marketing-context",
+    "production-audit",
     "production-code-audit",
     "production-scheduling",
     "professional-proofreader",
@@ -1072,6 +1073,7 @@
     "readme",
     "recallmax",
     "receiving-code-review",
+    "recursive-context-pruning-token-budgeting",
     "red-team-tactics",
     "red-team-tools",
     "reddit-automation",

package/bundled-skills/buywhere-product-catalog/SKILL.md

@@ -4,10 +4,10 @@ description: "Use BuyWhere's MCP and API surfaces to add product search, price c
 category: ecommerce
 risk: safe
 source: official
-source_repo: BuyWhere/buywhere-cursor-plugin
+source_repo: BuyWhere/buywhere-mcp
 source_type: official
 license: "Not declared"
-license_source: "https://github.com/BuyWhere/buywhere-cursor-plugin"
+license_source: "https://github.com/BuyWhere/buywhere-mcp"
 date_added: "2026-04-29"
 author: BuyWhere
 tags: [buywhere, ecommerce, shopping, mcp, api, product-catalog]

package/bundled-skills/docs/integrations/jetski-cortex.md

@@ -1,9 +1,9 @@
 ---
 title: Jetski/Cortex + Gemini Integration Guide
-description: "Use antigravity-awesome-skills with Jetski/Cortex without hitting context-window overflow with 1,443+ skills."
+description: "Use antigravity-awesome-skills with Jetski/Cortex without hitting context-window overflow with 1,445+ skills."
 ---
 
-# Jetski/Cortex + Gemini: safe integration with 1,443+ skills
+# Jetski/Cortex + Gemini: safe integration with 1,445+ skills
 
 This guide shows how to integrate the `antigravity-awesome-skills` repository with an agent based on **Jetski/Cortex + Gemini** (or similar frameworks) **without exceeding the model context window**.
 
@@ -23,7 +23,7 @@ Never do:
 - concatenate all `SKILL.md` content into a single system prompt;
 - re-inject the entire library for **every** request.
 
-With 1,443+ skills, this approach fills the context window before user messages are even added, causing truncation.
+With 1,445+ skills, this approach fills the context window before user messages are even added, causing truncation.
 
 ---
 

package/bundled-skills/docs/integrations/jetski-gemini-loader/README.md

@@ -20,7 +20,7 @@ This example shows one way to integrate **antigravity-awesome-skills** with a Je
 - How to enforce a **maximum number of skills per turn** via `maxSkillsPerTurn`.
 - How to choose whether to **truncate or error** when too many skills are requested via `overflowBehavior`.
 
-This pattern avoids context overflow when you have 1,443+ skills installed.
+This pattern avoids context overflow when you have 1,445+ skills installed.
 
 ---
 

package/bundled-skills/docs/maintainers/repo-growth-seo.md

@@ -6,7 +6,7 @@ This document keeps the repository's GitHub-facing discovery copy aligned with t
 
 Preferred positioning:
 
-> Installable GitHub library of 1,443+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and other AI coding assistants.
+> Installable GitHub library of 1,445+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and other AI coding assistants.
 
 Key framing:
 
@@ -20,7 +20,7 @@ Key framing:
 
 Preferred description:
 
-> Installable GitHub library of 1,443+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.
+> Installable GitHub library of 1,445+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.
 
 Preferred homepage:
 
@@ -28,7 +28,7 @@ Preferred homepage:
 
 Preferred social preview:
 
-- use a clean preview image that says `1,443+ Agentic Skills`;
+- use a clean preview image that says `1,445+ Agentic Skills`;
 - mention Claude Code, Cursor, Codex CLI, and Gemini CLI;
 - avoid dense text and tiny logos that disappear in social cards.
 

package/bundled-skills/docs/maintainers/skills-update-guide.md

@@ -69,7 +69,7 @@ For manual updates, you need:
 The update process refreshes:
 - Skills index (`skills_index.json`)
 - Web app skills data (`apps\web-app\public\skills.json`)
-- All 1,443+ skills from the skills directory
+- All 1,445+ skills from the skills directory
 
 ## When to Update
 

package/bundled-skills/docs/users/bundles.md

@@ -673,4 +673,4 @@ Found a skill that should be in a bundle? Or want to create a new bundle? [Open
 
 ---
 
-_Last updated: March 2026 | Total Skills: 1,443+ | Total Bundles: 37_
+_Last updated: March 2026 | Total Skills: 1,445+ | Total Bundles: 37_

package/bundled-skills/docs/users/claude-code-skills.md

@@ -12,7 +12,7 @@ Install the library into Claude Code, then invoke focused skills directly in the
 
 ## Why use this repo for Claude Code
 
-- It includes 1,443+ skills instead of a narrow single-domain starter pack.
+- It includes 1,445+ skills instead of a narrow single-domain starter pack.
 - It supports the standard `.claude/skills/` path and the Claude Code plugin marketplace flow.
 - It also ships generated bundle plugins so teams can install focused packs like `Essentials` or `Security Developer` from the marketplace metadata.
 - It includes onboarding docs, bundles, and workflows so new users do not need to guess where to begin.

package/bundled-skills/docs/users/gemini-cli-skills.md

@@ -12,7 +12,7 @@ Install into the Gemini skills path, then ask Gemini to apply one skill at a tim
 
 - It installs directly into the expected Gemini skills path.
 - It includes both core software engineering skills and deeper agent/LLM-oriented skills.
-- It helps new users get started with bundles and workflows rather than forcing a cold start from 1,443+ files.
+- It helps new users get started with bundles and workflows rather than forcing a cold start from 1,445+ files.
 - It is useful whether you want a broad internal skill library or a single repo to test many workflows quickly.
 
 ## Install Gemini CLI Skills

package/bundled-skills/docs/users/getting-started.md

@@ -1,4 +1,4 @@
-# Getting Started with Antigravity Awesome Skills (V10.9.0)
+# Getting Started with Antigravity Awesome Skills (V10.10.0)
 
 **New here? This guide will help you supercharge your AI Agent in 5 minutes.**
 

package/bundled-skills/docs/users/kiro-integration.md

@@ -18,7 +18,7 @@ Kiro is AWS's agentic AI IDE that combines:
 
 Kiro's agentic capabilities are enhanced by skills that provide:
 
-- **Domain expertise** across 1,443+ specialized areas
+- **Domain expertise** across 1,445+ specialized areas
 - **Best practices** from Anthropic, OpenAI, Google, Microsoft, and AWS
 - **Workflow automation** for common development tasks
 - **AWS-specific patterns** for serverless, infrastructure, and cloud architecture

package/bundled-skills/docs/users/usage.md

@@ -14,7 +14,7 @@ If you came in through a **Claude Code** or **Codex** plugin instead of a full l
 
 When you ran `npx antigravity-awesome-skills` or cloned the repository, you:
 
-✅ **Downloaded 1,443+ skill files** to your computer (default: `~/.gemini/antigravity/skills/`; or a custom path like `~/.agent/skills/` if you used `--path`)
+✅ **Downloaded 1,445+ skill files** to your computer (default: `~/.gemini/antigravity/skills/`; or a custom path like `~/.agent/skills/` if you used `--path`)
 ✅ **Made them available** to your AI assistant  
 ❌ **Did NOT enable them all automatically** (they're just sitting there, waiting)
 
@@ -34,7 +34,7 @@ Bundles are **curated groups** of skills organized by role. They help you decide
 
 **Analogy:**
 
-- You installed a toolbox with 1,443+ tools (✅ done)
+- You installed a toolbox with 1,445+ tools (✅ done)
 - Bundles are like **labeled organizer trays** saying: "If you're a carpenter, start with these 10 tools"
 - You can either **pick skills from the tray** or install that tray as a focused marketplace bundle plugin
 
@@ -212,7 +212,7 @@ Let's actually use a skill right now. Follow these steps:
 
 ## Step 5: Picking Your First Skills (Practical Advice)
 
-Don't try to use all 1,443+ skills at once. Here's a sensible approach:
+Don't try to use all 1,445+ skills at once. Here's a sensible approach:
 
 If you want a tool-specific starting point before choosing skills, use:
 
@@ -343,7 +343,7 @@ Usually no, but if your AI doesn't recognize a skill:
 
 ### "Can I load all skills into the model at once?"
 
-No. Even though you have 1,443+ skills installed locally, you should **not** concatenate every `SKILL.md` into a single system prompt or context block.
+No. Even though you have 1,445+ skills installed locally, you should **not** concatenate every `SKILL.md` into a single system prompt or context block.
 
 The intended pattern is:
 

package/bundled-skills/docs/users/visual-guide.md

@@ -34,7 +34,7 @@ antigravity-awesome-skills/
 ├── 📄 CONTRIBUTING.md                  ← Contributor workflow
 ├── 📄 CATALOG.md                       ← Full generated catalog
 │
-├── 📁 skills/                          ← 1,443+ skills live here
+├── 📁 skills/                          ← 1,445+ skills live here
 │   │
 │   ├── 📁 brainstorming/
 │   │   └── 📄 SKILL.md                 ← Skill definition
@@ -47,7 +47,7 @@ antigravity-awesome-skills/
 │   │   └── 📁 2d-games/
 │   │       └── 📄 SKILL.md             ← Nested skills also supported
 │   │
-│   └── ... (1,443+ total)
+│   └── ... (1,445+ total)
 │
 ├── 📁 apps/
 │   └── 📁 web-app/                     ← Interactive browser
@@ -100,7 +100,7 @@ antigravity-awesome-skills/
 
 ```
                     ┌─────────────────────────┐
-                    │  1,443+ SKILLS          │
+                    │  1,445+ SKILLS          │
                     └────────────┬────────────┘
                                  │
         ┌────────────────────────┼────────────────────────┐
@@ -201,7 +201,7 @@ If you want a workspace-style manual install instead, cloning into `.agent/skill
 │   ├── 📁 brainstorming/                 │
 │   ├── 📁 stripe-integration/            │
 │   ├── 📁 react-best-practices/          │
-│   └── ... (1,443+ total)                │
+│   └── ... (1,445+ total)                │
 └─────────────────────────────────────────┘
 ```
 

package/bundled-skills/production-audit/SKILL.md

@@ -0,0 +1,209 @@
+---
+name: production-audit
+description: "Audit a shipped repo for production-readiness gaps across RLS, webhooks, secrets, grants, Stripe idempotency, mobile UX, and deployment health."
+category: security
+risk: safe
+source: community
+source_repo: commitshow/production-audit
+source_type: community
+date_added: "2026-05-04"
+author: commitshow
+tags: [security, audit, production, vibe-coding, rls, webhook, stripe, supabase, mobile]
+tools: [claude, cursor, gemini, codex, antigravity]
+license: "MIT"
+license_source: "https://github.com/commitshow/production-audit/blob/main/LICENSE"
+---
+
+# Production Audit
+
+## Overview
+
+A skill that runs an external audit on a shipped repo's deployed state — live URL, GitHub signals, secrets exposure, RLS gaps, webhook idempotency, indexes, observability, prompt injection, and ten other failure modes that AI-assisted projects routinely miss.
+
+This is **complementary** to in-session security skills (`security-review`, OWASP-style, VibeSec, Trail of Bits). Those scan the editor buffer at write-time. This scans the deployed product after you commit. Different timing, different inputs, different findings. Run both for serious launches.
+
+The skill wraps the [commit.show](https://commit.show) audit engine via the public CLI (`npx commitshow audit . --json`). Stable JSON envelope (`schema_version: "1"`, additive-only). Writes a `.commitshow/audit.{md,json}` sidecar so future agent sessions can read prior state without re-running the engine.
+
+## When to Use This Skill
+
+- Use when the user asks "is this production-ready", "what would break in prod", "score my project", "what did I miss", "audit my repo", "ready to ship".
+- Use right after merging a feature branch to `main` (helpful as a pre-deploy gate).
+- Use before a public launch / Show HN post / investor demo.
+- Use when `git log` shows >20 commits since the last `.commitshow/audit.md` was written.
+
+### Skip when
+
+- During active in-session coding — use `security-review` / OWASP-style for line-level patterns. This skill is for post-merge / pre-ship review.
+- For library / scaffold-form repos — the engine handles **app form** best; libraries get a partial-substitute score.
+- If `.commitshow/audit.json` already exists and is < 1 hour old, read that instead of re-running. Audit is rate-limited (anonymous: 20/IP/day · 5/repo/day · 2000/day global).
+- Inside a private / non-GitHub repo — the audit pulls public GitHub signals, so private repos return a `not_found` error.
+
+## How It Works
+
+### Step 1: Run the audit
+
+From the repo root. The CLI is pinned to a known-good range (an attacker-pushed `0.4.x` won't be picked up silently — bumping the floor is a deliberate edit), the sidecar directory is created up-front, and stderr is split off so install/deprecation warnings can't corrupt the JSON envelope:
+
+```bash
+mkdir -p .commitshow
+npx commitshow@^0.3.23 audit . --json \
+  > .commitshow/audit.json \
+  2> .commitshow/audit.stderr.log
+```
+
+This also writes a human-readable `.commitshow/audit.md` next to it. Subsequent invocations should diff against the prior `audit.json` if it exists, so you can lead with "+5 since yesterday's audit" instead of just an absolute number.
+
+If the user pointed at a remote URL instead of `.`, swap `.` for the URL — keep the same `mkdir -p` + version pin + stderr split:
+
+```bash
+mkdir -p .commitshow
+npx commitshow@^0.3.23 audit github.com/owner/repo --json \
+  > .commitshow/audit.json \
+  2> .commitshow/audit.stderr.log
+```
+
+### Step 2: Parse the envelope
+
+The JSON envelope is stable (`schema_version: "1"`, additive-only). Read these fields:
+
+| Field | Meaning |
+|---|---|
+| `score.total` | 0-100 production-readiness score |
+| `score.delta_since_last` | change vs. parent snapshot · positive = improving |
+| `score.band` | `strong` (80+) · `mid` (60-79) · `early` (<60) |
+| `concerns[]` | top issues, ordered by impact · each has `axis` + `bullet` |
+| `strengths[]` | top 3 things that work · for context only |
+| `standing` | optional · only when the project is auditioning on commit.show |
+| `snapshot.created_at` / `trigger_type` | when the audit ran |
+
+Concerns are sorted by decision-impact, not severity. Position 1 is the bullet to lead with.
+
+### Step 3: Surface to the user
+
+Lead with score + trajectory in **one sentence**, then the top concerns. Do not dump the full JSON. Format:
+
+```
+Score: 82/100 (+5 since yesterday) · band: strong
+
+Top concerns:
+  ↓ [Security] No API rate limiting on /auth — IP cap missing
+  ↓ [Infrastructure] webhook handler at api/stripe.ts — signature verified, but no
+    idempotency-key check (replay attack window open)
+
+Want me to fix the webhook idempotency gap first?
+```
+
+Rules:
+- Use the exact bullet from `concerns[].bullet` — the audit engine already wrote action-oriented copy.
+- Don't list strengths unless the user explicitly asks. They're not actionable in this context.
+- Always end with a follow-up question that names a specific concern. Don't ask "what do you want to do?" — ask "fix X first?".
+- If `score.delta_since_last` is negative or null, lead with the absolute score only.
+
+### Step 4: If the user picks a concern, scope a fix
+
+For the chosen concern:
+1. Read the file(s) cited in the bullet.
+2. Confirm the gap matches the description (the engine occasionally over-flags when the issue is mitigated elsewhere).
+3. Propose a minimal patch — single-file when possible.
+4. **Don't apply without explicit approval.** Show the diff first. The user is deciding what to ship; you're a lens.
+
+After applying a fix, suggest re-running with `--refresh` (same canonical form as Step 1, so `audit.json` stays the source of truth for delta calculations):
+
+```bash
+mkdir -p .commitshow
+npx commitshow@^0.3.23 audit . --json --refresh \
+  > .commitshow/audit.json \
+  2> .commitshow/audit.stderr.log
+```
+
+## Examples
+
+### Example 1: User asks "is this production-ready?"
+
+```bash
+mkdir -p .commitshow
+npx commitshow@^0.3.23 audit . --json \
+  > .commitshow/audit.json \
+  2> .commitshow/audit.stderr.log
+```
+
+Then surface:
+
+```
+Score: 67/100 · band: mid
+
+Top concerns:
+  ↓ [Security] members table uses column-level GRANT but paid_audits_credit
+    column lacks SELECT grant — silent 42501 on every read
+  ↓ [Infrastructure] stripe.checkout.sessions.create called without
+    idempotencyKey — duplicate-charge surface
+
+Want me to fix the column GRANT first? Single SQL line.
+```
+
+### Example 2: Cross-check a specific concern
+
+User: "show me where the webhook idempotency gap is"
+
+```bash
+cat .commitshow/audit.json | jq '.concerns[] | select(.axis=="Infrastructure")'
+```
+
+Find the file path in the bullet, read it, confirm the gap matches.
+
+## Best Practices
+
+- ✅ Always cite the exact bullet from `concerns[].bullet` — they're already action-oriented
+- ✅ Lead with score + delta in a single sentence, then concerns
+- ✅ End with a specific follow-up question naming a concern
+- ✅ Read prior `.commitshow/audit.json` before re-running (within 1h)
+- ✅ Use `--refresh` after the user merges a fix so the next audit reflects it
+- ❌ Don't dump full JSON to the user
+- ❌ Don't list strengths unless the user explicitly asks
+- ❌ Don't apply fixes without approval — show diff first
+- ❌ Don't fault private repos for not auditing — explain why and suggest making public
+
+## Limitations
+
+- This skill does not replace environment-specific validation, testing, or expert review.
+- The audit engine is calibrated for **deployed apps** with a live URL. CLI / library / scaffold form gets a partial-substitute score (max ~45/50 on the audit pillar) — fair but not flattering.
+- Behind a corporate firewall blocking `*.supabase.co`, the API call fails. There is no offline mode — the audit relies on the public engine.
+- Cold audit takes 60-90s. Cached audits (within 7 days) return instantly. `--refresh` force-bypasses cache (counts against rate limits).
+
+## Security & Safety Notes
+
+- The skill executes `npx commitshow@latest audit ...` which is a network call to a public API at `https://api.commit.show` (proxied to Supabase Edge Functions). No credentials are sent — anonymous usage subject to per-IP / per-URL / global rate limits.
+- The CLI writes `.commitshow/audit.{md,json}` in the current working directory. These files are safe to commit (no secrets) but conventionally gitignored as transient artifacts.
+- The audit engine **only reads** public GitHub signals. It does not modify the user's repo or push commits.
+- All per-finding fix proposals must be shown as diffs and approved by the user before any edit. Never apply without explicit confirmation.
+
+## Common Pitfalls
+
+- **Problem:** Audit returns `not_found` for a private repo
+  **Solution:** The engine pulls public GitHub signals only. Either make the repo public or use `--no-network` for local-only deterministic checks.
+
+- **Problem:** Rate limit hit (`429`)
+  **Solution:** Wait until next day (limits reset 00:00 UTC) or sign in at commit.show for higher per-repo caps.
+
+- **Problem:** Score seems too low for a polished library / CLI
+  **Solution:** The engine biases toward app form. CLI / library / scaffold gets a partial substitute score capped around 45/50 on the audit pillar. Calibration acknowledged trade-off.
+
+- **Problem:** `concerns[]` is empty after re-running
+  **Solution:** Re-audit may have hit cache. Use `--refresh` to force-bypass.
+
+## Related Skills
+
+- `@security-review` — In-session line-level security patterns. Run alongside this skill, not in place of.
+- `@vibesec` — Editor-buffer security review for vibe-coded projects. Different lens.
+- `@owasp-security` — OWASP Top 10 coverage during coding. Companion.
+- `@trail-of-bits-skills` — CodeQL / Semgrep static analysis. Different layer.
+
+## Additional Resources
+
+- Canonical repo: <https://github.com/commitshow/production-audit>
+- Audit engine source: <https://github.com/commitshow/commitshow/blob/main/supabase/functions/analyze-project/index.ts>
+- 14-frame failure framework documented in the engine source above.
+- JSON schema: stable at `schema_version: "1"` · additive-only changes.
+- CLI: <https://github.com/commitshow/cli>
+- Public REST API: `https://api.commit.show/audit?repo=...&format=json`
+- skills.sh listing: <https://skills.sh/commitshow/production-audit>

package/bundled-skills/recursive-context-pruning-token-budgeting/SKILL.md

@@ -0,0 +1,108 @@
+---
+name: recursive-context-pruning-token-budgeting
+description: "Optimizes AI agent performance by pruning redundant context, managing token usage, and enforcing ultra-concise, direct-to-value responses."
+category: prompt-engineering
+risk: safe
+source: self
+source_repo: Kench001/antigravity-awesome-skills
+source_type: self
+date_added: "2026-05-03"
+author: Kench001
+tags: [efficiency, token-optimization, brevity, context-management]
+tools: [claude, cursor, gemini]
+# Optional: declare the upstream license if source_repo is set
+# license: "MIT"
+# license_source: "https://github.com/owner/repo/blob/main/LICENSE"
+---
+
+# Recursive Context Pruning & Token Budgeting
+
+## Overview
+
+This skill implements a "Gatekeeper" logic to prevent context window bloat and unnecessary token expenditure. It ensures the agent only processes relevant data shards and adheres to an Atomic Precision protocol—delivering functional answers with zero conversational filler. By recursively summarizing state and stripping "bridge phrases," it maximizes the longevity and speed of long-running development workflows.
+
+## When to Use This Skill
+
+- Use when building multi-step agents to prevent repetition and "memory drift" in long conversations.
+- Use when working with large document sets or codebases to avoid dumping entire files into the prompt.
+- Use when you need purely functional output (code/logic) without "Sure! Here is your..." intros.
+
+## How It Works
+
+### Step 1: Metadata Sharding
+
+Scan the available data for headers, summaries, and key indicators. Create a "map" of the context rather than injecting the full source. Never pull the entire file into the prompt unless a specific, narrowed fragment is requested.
+
+### Step 2: Token Budget Allocation
+
+Calculate a "Safe Response Limit" based on the current context window. Allocate 30% for current logic processing, 20% for immediate output, and 50% for a future context buffer.
+
+### Step 3: Atomic Output Filtering
+
+Strip all "Bridge Phrases" (e.g., "I've updated the code," "Based on your request," "Sure"). Start the response immediately with the solution or the code block.
+
+### Step 4: Ambiguity Check
+
+Before executing Step 3, scan for missing critical variables (e.g., specific file names or environment types). If the prompt is too ambiguous, bypass the atomic output and generate exactly one concise question to resolve the blocker.
+
+### Step 5: Abstractive Compression
+
+Summarize the current turn into a "compressed state string" (e.g., `[Project: Feasify | State: Auth-Fixed | Remaining-Tasks: 2]`) to discard redundant conversational data before the next prompt.
+
+## Examples
+
+### Example 1: Filtered Code Output (No Filler)
+
+```text
+User: "Update the Firebase config to use environment variables."
+```
+
+```javascript
+const firebaseConfig = {
+  apiKey: process.env.VITE_FIREBASE_API_KEY,
+  authDomain: process.env.VITE_FIREBASE_AUTH_DOMAIN,
+  projectId: process.env.VITE_FIREBASE_PROJECT_ID
+};
+```
+
+### Example 2: Essential Clarification
+
+```text
+User: "Deploy the function."
+```
+
+```text
+"Specify environment: production or staging?"
+```
+
+## Best Practices
+
+- ✅ **Direct Start:** Place the code or answer at the very first character of the response.
+- ✅ **Summarize-as-you-go:** Turn 10 pages of discussion into 5 bullet points for the next turn.
+- ✅ **Omit Signatures:** Never end with "Let me know if you need more help."
+- ❌ **No Bridge Phrases:** Avoid "Here is the code," "Sure," or "I can help with that."
+- ❌ **No Guessing:** If input is missing, ask immediately rather than wasting tokens on a generic guess.
+
+## Limitations
+
+- This skill does not replace environment-specific validation, testing, or expert review.
+- Extreme brevity can occasionally hide important nuances; use concise inline comments (`// crucial step`) for critical notes.
+
+## Security & Safety Notes
+
+- Never prune safety headers, environment-specific security constraints, or system-level instructions during the compression stage.
+- Maintain original system instructions at the "Root" of the context to prevent context-loss-based jailbreaks.
+
+## Common Pitfalls
+
+- **Problem:** The response is so brief it lacks the context needed for implementation.
+  **Solution:** Use concise inline code comments instead of separate paragraphs of text.
+
+- **Problem:** The agent loses the overarching goal due to over-compression.
+  **Solution:** Always pin the "Primary Objective" to the top of every pruned prompt.
+
+## Related Skills
+
+- `@atomic-precision-response` - Specifically for removing conversational filler.
+- `@context-sharding` - For managing large-scale documentation mapping.
+

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opencode-skills-collection",
-  "version": "3.0.4",
+  "version": "3.0.5",
   "description": "OpenCode CLI plugin that automatically downloads and keeps skills up to date.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/skills_index.json

@@ -22442,6 +22442,28 @@
       "reasons": []
     }
   },
+  {
+    "id": "production-audit",
+    "path": "skills/production-audit",
+    "category": "security",
+    "name": "production-audit",
+    "description": "Audit a shipped repo for production-readiness gaps across RLS, webhooks, secrets, grants, Stripe idempotency, mobile UX, and deployment health.",
+    "risk": "safe",
+    "source": "community",
+    "date_added": "2026-05-04",
+    "plugin": {
+      "targets": {
+        "codex": "supported",
+        "claude": "supported"
+      },
+      "setup": {
+        "type": "none",
+        "summary": "",
+        "docs": null
+      },
+      "reasons": []
+    }
+  },
   {
     "id": "production-code-audit",
     "path": "skills/production-code-audit",
@@ -23566,6 +23588,28 @@
       "reasons": []
     }
   },
+  {
+    "id": "recursive-context-pruning-token-budgeting",
+    "path": "skills/recursive-context-pruning-token-budgeting",
+    "category": "prompt-engineering",
+    "name": "recursive-context-pruning-token-budgeting",
+    "description": "Optimizes AI agent performance by pruning redundant context, managing token usage, and enforcing ultra-concise, direct-to-value responses.",
+    "risk": "safe",
+    "source": "self",
+    "date_added": "2026-05-03",
+    "plugin": {
+      "targets": {
+        "codex": "supported",
+        "claude": "supported"
+      },
+      "setup": {
+        "type": "none",
+        "summary": "",
+        "docs": null
+      },
+      "reasons": []
+    }
+  },
   {
     "id": "red-team-tactics",
     "path": "skills/red-team-tactics",