npm - reskill - Versions diffs - 1.16.0-beta.1 → 1.16.0 - Mend

reskill 1.16.0-beta.1 → 1.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/cli/commands/publish.d.ts.map +1 -1
package/dist/cli/index.js +871 -870
package/dist/core/content-scanner.d.ts.map +1 -1
package/dist/index.js +1 -0
package/dist/scanner.js +1 -0
package/package.json +1 -1

package/dist/cli/index.js CHANGED Viewed

@@ -7483,955 +7483,956 @@ const logoutCommand = new __WEBPACK_EXTERNAL_MODULE_commander__.Command('logout'
     }
 });
 /**
- * Publisher - Handle Git information and publish payload building
+ * ContentScanner - Detect malicious patterns in SKILL.md content
  *
- * Extracts Git metadata and builds the payload for publishing to registry.
- */ class PublishError extends Error {
-    constructor(message){
-        super(message);
-        this.name = 'PublishError';
-    }
-}
-// ============================================================================
-// Publisher Class
+ * Features:
+ * - Context-aware: skips safe zones (frontmatter, code blocks, quotes, blockquotes)
+ * - 6 built-in detection rules across 3 risk levels
+ * - Configurable: override levels, disable rules, add custom rules
+ * - Pure string operations in scan() — no fs dependency, suitable for server use
+ * - scanFile() convenience method for CLI use
+ */ // ============================================================================
+// Safe Zone Masking
 // ============================================================================
-class Publisher {
-    /**
-   * Get Git information from a skill directory
-   */ async getGitInfo(skillPath, specifiedTag) {
-        const info = {
-            isRepo: false,
-            remoteUrl: null,
-            currentBranch: null,
-            currentCommit: null,
-            commitDate: null,
-            tag: null,
-            tagCommit: null,
-            isDirty: false,
-            sourceRef: null
-        };
-        // Check if it's a git repository
-        try {
-            (0, __WEBPACK_EXTERNAL_MODULE_node_child_process__.execSync)('git rev-parse --git-dir', {
-                cwd: skillPath,
-                stdio: 'pipe'
-            });
-            info.isRepo = true;
-        } catch  {
-            return info;
-        }
-        // Get remote URL
-        try {
-            info.remoteUrl = (0, __WEBPACK_EXTERNAL_MODULE_node_child_process__.execSync)('git remote get-url origin', {
-                cwd: skillPath,
-                encoding: 'utf-8'
-            }).trim();
-            // Parse to sourceRef format
-            info.sourceRef = this.parseRemoteToSourceRef(info.remoteUrl);
-        } catch  {
-        // No remote configured
-        }
-        // Get current branch
-        try {
-            info.currentBranch = (0, __WEBPACK_EXTERNAL_MODULE_node_child_process__.execSync)('git branch --show-current', {
-                cwd: skillPath,
-                encoding: 'utf-8'
-            }).trim() || null;
-        } catch  {
-        // Detached HEAD or other error
-        }
-        // Get current commit
-        try {
-            info.currentCommit = (0, __WEBPACK_EXTERNAL_MODULE_node_child_process__.execSync)('git rev-parse HEAD', {
-                cwd: skillPath,
-                encoding: 'utf-8'
-            }).trim();
-            // Get commit date
-            info.commitDate = (0, __WEBPACK_EXTERNAL_MODULE_node_child_process__.execSync)('git show -s --format=%cI HEAD', {
-                cwd: skillPath,
-                encoding: 'utf-8'
-            }).trim();
-        } catch  {
-        // No commits yet
-        }
-        // Get tag
-        if (specifiedTag) // Use specified tag
-        try {
-            info.tagCommit = (0, __WEBPACK_EXTERNAL_MODULE_node_child_process__.execSync)(`git rev-parse "${specifiedTag}^{commit}"`, {
-                cwd: skillPath,
-                encoding: 'utf-8'
-            }).trim();
-            info.tag = specifiedTag;
-        } catch  {
-            throw new PublishError(`Tag "${specifiedTag}" not found`);
-        }
-        else // Try to get tag on current commit
-        try {
-            const tag = (0, __WEBPACK_EXTERNAL_MODULE_node_child_process__.execSync)('git describe --exact-match --tags HEAD', {
-                cwd: skillPath,
-                encoding: 'utf-8'
-            }).trim();
-            info.tag = tag;
-            info.tagCommit = info.currentCommit;
-        } catch  {
-        // No tag on current commit
+/**
+ * Mask safe zones in Markdown content with spaces, preserving line structure.
+ *
+ * Safe zones (content replaced with spaces):
+ * - YAML frontmatter (`---` ... `---` at file start)
+ * - Fenced code blocks (``` or ~~~)
+ * - Indented code blocks (4 spaces / tab after blank line)
+ * - Blockquotes (`> ` prefix)
+ * - Inline code (`` `...` ``)
+ * - Double-quoted text (`"..."`, min 3 chars between quotes)
+ *
+ * Line breaks are preserved so line numbers remain correct.
+ */ function maskSafeZones(content) {
+    const lines = content.split('\n');
+    const result = [];
+    let inFrontmatter = false;
+    let inFencedCode = false;
+    let fenceChar = '';
+    let fenceLength = 0;
+    let prevLineBlank = false;
+    let prevLineIndentedCode = false;
+    for(let i = 0; i < lines.length; i++){
+        const line = lines[i];
+        // --- YAML Frontmatter (only at file start) ---
+        if (0 === i && '---' === line.trim()) {
+            inFrontmatter = true;
+            result.push(maskLine(line));
+            continue;
         }
-        // Check if working tree is dirty
-        try {
-            const status = (0, __WEBPACK_EXTERNAL_MODULE_node_child_process__.execSync)('git status --porcelain', {
-                cwd: skillPath,
-                encoding: 'utf-8'
-            }).trim();
-            info.isDirty = status.length > 0;
-        } catch  {
-        // Ignore errors
+        if (inFrontmatter) {
+            result.push(maskLine(line));
+            if ('---' === line.trim()) inFrontmatter = false;
+            continue;
         }
-        return info;
-    }
-    /**
-   * Parse remote URL to sourceRef format (e.g., github:user/repo)
-   */ parseRemoteToSourceRef(remoteUrl) {
-        // SSH format: git@github.com:user/repo.git
-        const sshMatch = remoteUrl.match(/^git@([^:]+):([^/]+)\/(.+?)(\.git)?$/);
-        if (sshMatch) {
-            const [, host, owner, repo] = sshMatch;
-            const registry = this.normalizeHost(host);
-            return `${registry}:${owner}/${repo.replace(/\.git$/, '')}`;
+        // --- Fenced code blocks (``` or ~~~) ---
+        const fenceMatch = line.match(/^(`{3,}|~{3,})/);
+        if (!inFencedCode && fenceMatch) {
+            inFencedCode = true;
+            fenceChar = fenceMatch[1][0];
+            fenceLength = fenceMatch[1].length;
+            result.push(maskLine(line));
+            prevLineBlank = false;
+            prevLineIndentedCode = false;
+            continue;
         }
-        // HTTPS format: https://github.com/user/repo.git
-        const httpsMatch = remoteUrl.match(/^https?:\/\/([^/]+)\/([^/]+)\/(.+?)(\.git)?$/);
-        if (httpsMatch) {
-            const [, host, owner, repo] = httpsMatch;
-            const registry = this.normalizeHost(host);
-            return `${registry}:${owner}/${repo.replace(/\.git$/, '')}`;
+        if (inFencedCode) {
+            result.push(maskLine(line));
+            const closeMatch = line.match(/^(`{3,}|~{3,})\s*$/);
+            if (closeMatch && closeMatch[1][0] === fenceChar && closeMatch[1].length >= fenceLength) inFencedCode = false;
+            prevLineBlank = false;
+            prevLineIndentedCode = false;
+            continue;
         }
-        return null;
-    }
-    /**
-   * Normalize host to registry name
-   */ normalizeHost(host) {
-        if ('github.com' === host) return 'github';
-        if ('gitlab.com' === host) return 'gitlab';
-        return host;
-    }
-    /**
-   * Build publish payload
-   */ buildPayload(skill, gitInfo, integrity) {
-        const { skillJson, skillMd, readme, files } = skill;
-        const payload = {
-            version: skillJson.version,
-            description: skillJson.description || '',
-            gitRef: gitInfo.tag || gitInfo.currentCommit || 'HEAD',
-            gitCommit: gitInfo.tagCommit || gitInfo.currentCommit || '',
-            gitCommitDate: gitInfo.commitDate || void 0,
-            repositoryUrl: gitInfo.remoteUrl || '',
-            sourceRef: gitInfo.sourceRef || '',
-            skillJson,
-            files,
-            entry: skillJson.entry || 'SKILL.md',
-            integrity
-        };
-        // Add optional fields
-        if (skillMd) payload.skillMd = {
-            name: skillMd.name,
-            description: skillMd.description,
-            license: skillMd.license,
-            compatibility: skillMd.compatibility,
-            allowedTools: skillMd.allowedTools
-        };
-        if (readme) payload.readmePreview = readme;
-        if (skillJson.keywords && skillJson.keywords.length > 0) payload.keywords = skillJson.keywords;
-        if (skillJson.compatibility) {
-            // Filter out undefined values from compatibility
-            const compat = {};
-            for (const [key, value] of Object.entries(skillJson.compatibility))if (void 0 !== value) compat[key] = value;
-            if (Object.keys(compat).length > 0) payload.compatibility = compat;
+        // --- Blockquote ---
+        if (/^>\s?/.test(line)) {
+            result.push(maskLine(line));
+            prevLineBlank = false;
+            prevLineIndentedCode = false;
+            continue;
         }
-        return payload;
-    }
-    /**
-   * Format bytes for display
-   */ formatBytes(bytes) {
-        if (bytes < 1024) return `${bytes} B`;
-        if (bytes < 1048576) return `${(bytes / 1024).toFixed(1)} KB`;
-        return `${(bytes / 1048576).toFixed(1)} MB`;
-    }
-    /**
-   * Calculate total size of files
-   */ calculateTotalSize(skillPath, files) {
-        let total = 0;
-        for (const file of files){
-            const filePath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(skillPath, file);
-            if (external_node_fs_.existsSync(filePath)) {
-                const stats = external_node_fs_.statSync(filePath);
-                total += stats.size;
-            }
+        // --- Indented code block (4 spaces or tab, after blank line) ---
+        if (/^(?:    |\t)/.test(line) && (prevLineBlank || prevLineIndentedCode)) {
+            result.push(maskLine(line));
+            prevLineBlank = false;
+            prevLineIndentedCode = true;
+            continue;
         }
-        return total;
+        // --- Normal line: mask inline code and double-quoted text ---
+        result.push(maskInline(line));
+        prevLineBlank = '' === line.trim();
+        prevLineIndentedCode = false;
     }
+    return result.join('\n');
+}
+/** Replace all characters in a line with spaces (preserving length) */ function maskLine(line) {
+    return ' '.repeat(line.length);
 }
 /**
- * SkillValidator - Validate skills for publishing
- *
- * Following agentskills.io specification: https://agentskills.io/specification
- *
- * Key points:
- * - SKILL.md is the SOLE source of metadata (name, description, version, etc.)
- * - skill.json is NOT used - all metadata comes from SKILL.md frontmatter
- * - Version defaults to "0.0.0" if not specified in SKILL.md
- */ // ============================================================================
-// Constants
-// ============================================================================
-const MAX_NAME_LENGTH = 64;
-const MAX_DESCRIPTION_LENGTH = 1024;
-const MAX_KEYWORDS = 10;
-const SINGLE_CHAR_NAME_PATTERN = /^[a-z0-9]$/;
-const DEFAULT_VERSION = '0.0.0';
-// Default files to include in publish
-const DEFAULT_FILES = [
-    'SKILL.md',
-    'README.md',
-    'LICENSE'
-];
+ * Mask inline code (`` `...` ``) and double-quoted text (`"..."`) within a line.
+ * Uses regex replacement for efficiency (avoids char-by-char concatenation on long lines).
+ * Single quotes are NOT masked to avoid false matches with apostrophes.
+ */ function maskInline(line) {
+    let result = line;
+    // Inline code: `...`
+    result = result.replace(/`[^`]+`/g, (m)=>' '.repeat(m.length));
+    // Double-quoted text: "..." (min 3 chars between quotes)
+    result = result.replace(/"[^"]{3,}"/g, (m)=>' '.repeat(m.length));
+    return result;
+}
 // ============================================================================
-// SkillValidator Class
+// Rule Helpers
 // ============================================================================
-class SkillValidator {
-    /**
-   * Validate skill name format
-   *
-   * Requirements:
-   * - Lowercase letters, numbers, and hyphens only
-   * - 1-64 characters
-   * - Cannot start or end with hyphen
-   * - Cannot have consecutive hyphens
-   */ validateName(name) {
-        const errors = [];
-        if (!name) {
-            errors.push({
-                field: 'name',
-                message: 'Skill name is required',
-                suggestion: 'Add "name" field to SKILL.md frontmatter'
-            });
-            return {
-                valid: false,
-                errors,
-                warnings: []
-            };
-        }
-        if (name.length > MAX_NAME_LENGTH) errors.push({
-            field: 'name',
-            message: `Skill name must be at most ${MAX_NAME_LENGTH} characters`,
-            suggestion: `Shorten the name to ${MAX_NAME_LENGTH} characters or less`
-        });
-        // Check for uppercase
-        if (/[A-Z]/.test(name)) errors.push({
-            field: 'name',
-            message: 'Skill name must be lowercase',
-            suggestion: `Change "${name}" to "${name.toLowerCase()}"`
-        });
-        // Check for invalid characters
-        if (/[^a-z0-9-]/.test(name)) errors.push({
-            field: 'name',
-            message: 'Skill name can only contain lowercase letters, numbers, and hyphens',
-            suggestion: 'Remove special characters from the name'
+/** Find lines matching any of the given patterns, return one match per line */ function findLineMatches(content, patterns) {
+    const lines = content.split('\n');
+    const matches = [];
+    for(let i = 0; i < lines.length; i++)for (const pattern of patterns)if (pattern.test(lines[i])) {
+        matches.push({
+            line: i + 1
         });
-        // Check pattern for multi-char names
-        if (1 === name.length) {
-            if (!SINGLE_CHAR_NAME_PATTERN.test(name)) errors.push({
-                field: 'name',
-                message: 'Single character name must be a lowercase letter or number'
-            });
-        } else if (name.length > 1) {
-            // Check start/end with hyphen
-            if (name.startsWith('-')) errors.push({
-                field: 'name',
-                message: 'Skill name cannot start with a hyphen'
-            });
-            if (name.endsWith('-')) errors.push({
-                field: 'name',
-                message: 'Skill name cannot end with a hyphen'
-            });
-            // Check consecutive hyphens
-            if (/--/.test(name)) errors.push({
-                field: 'name',
-                message: 'Skill name cannot contain consecutive hyphens'
-            });
-        }
-        return {
-            valid: 0 === errors.length,
-            errors,
-            warnings: []
-        };
+        break;
     }
-    /**
-   * Validate version format (semver)
-   */ validateVersion(version) {
-        const errors = [];
-        if (!version) {
-            errors.push({
-                field: 'version',
-                message: 'Version is required',
-                suggestion: 'Add "version" field to SKILL.md frontmatter (e.g., "1.0.0")'
+    return matches;
+}
+// ============================================================================
+// Default Rules
+// ============================================================================
+const SNIPPET_MAX_LENGTH = 120;
+/** Built-in detection rules */ const DEFAULT_RULES = [
+    // Rule 1: Prompt Injection (high)
+    {
+        id: 'prompt-injection',
+        level: 'high',
+        message: 'Detected prompt injection attempt',
+        skipSafeZones: true,
+        check: (content)=>findLineMatches(content, [
+                // English patterns
+                /ignore\s+(all\s+)?previous\s+instructions/i,
+                /disregard\s+(all\s+)?(prior|previous|above)\s+(instructions|rules|context)/i,
+                /you\s+are\s+now\s+(?:(?:a|an)\s+)?(?:(?:\w+\s+){0,3}(?:agent|ai|assistant|bot|model|character|persona|entity|system)|DAN\b|jailbr\w*|unrestricted|unfiltered|free\s+from)/i,
+                /from\s+now\s+on[,\s]+you\s+are/i,
+                /new\s+system\s+prompt/i,
+                /override\s+(your|the)\s+(system|safety|security)\s+(prompt|rules|instructions)/i,
+                /forget\s+(?:all\s+)?(?:your\s+)?(?:previous\s+|prior\s+)?(?:instructions|rules|constraints)/i,
+                /(?:you\s+are|you're)\s+(?:now\s+)?entering\s+(?:a\s+)?new\s+(?:mode|context|session)/i,
+                // Chinese patterns (中文提示词注入)
+                /[忽无][略视]\s*(所有\s*)?(之前的?|先前的?|以前的?)?\s*(指令|指示|规则|约束|限制)/,
+                /你现在是/,
+                /从现在开始.{0,10}你是/,
+                /新的系统提示词/,
+                /[覆改]写?\s*(你的|系统)\s*(提示词|规则|指令|安全)/,
+                /忘记\s*(所有\s*)?(之前的?|先前的?)?\s*(指令|指示|规则|约束)/,
+                /进入.{0,5}新的?\s*(模式|上下文|会话)/,
+                /不要遵守.{0,10}(安全|限制|规则|约束)/,
+                /解除.{0,5}(限制|约束|安全)/,
+                /无限制模式/,
+                /安全模式已关闭/
+            ])
+    },
+    // Rule 2: Data Exfiltration (high)
+    {
+        id: 'data-exfiltration',
+        level: 'high',
+        message: 'Detected potential data exfiltration command',
+        skipSafeZones: true,
+        check: (content)=>{
+            const lines = content.split('\n');
+            const matches = [];
+            const commandPattern = /\b(curl|wget|fetch|http\.post|requests\.post|nc\b|ncat|netcat)\b/i;
+            const sensitivePattern = /(\$[A-Z_]*(?:KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL|AUTH)[A-Z_]*|\$ENV\b|\$\{[^}]*(?:KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL)[^}]*\})/i;
+            for(let i = 0; i < lines.length; i++)if (commandPattern.test(lines[i]) && sensitivePattern.test(lines[i])) matches.push({
+                line: i + 1
             });
-            return {
-                valid: false,
-                errors,
-                warnings: []
-            };
+            return matches;
         }
-        // Check for v prefix
-        if (version.startsWith('v')) {
-            errors.push({
-                field: 'version',
-                message: 'Version should not have "v" prefix',
-                suggestion: `Change "${version}" to "${version.slice(1)}"`
+    },
+    // Rule 3: Content Obfuscation (high) — scans ALL content including safe zones
+    {
+        id: 'obfuscation',
+        level: 'high',
+        message: 'Detected content obfuscation',
+        skipSafeZones: false,
+        check: (content)=>{
+            const matches = [];
+            const lines = content.split('\n');
+            // Zero-width characters (suspicious in any context)
+            const zeroWidthPattern = /[\u200B\u200C\u200D\uFEFF\u2060\u180E]/;
+            for(let i = 0; i < lines.length; i++)if (zeroWidthPattern.test(lines[i])) matches.push({
+                line: i + 1,
+                snippet: 'Zero-width Unicode characters detected'
             });
-            return {
-                valid: false,
-                errors,
-                warnings: []
-            };
-        }
-        if (!__WEBPACK_EXTERNAL_MODULE_semver__.valid(version)) errors.push({
-            field: 'version',
-            message: `Invalid version format: "${version}". Must follow semver (x.y.z)`,
-            suggestion: 'Use format like "1.0.0" or "1.0.0-beta.1"'
-        });
-        return {
-            valid: 0 === errors.length,
-            errors,
-            warnings: []
-        };
-    }
-    /**
-   * Validate description
-   *
-   * Following agentskills.io specification:
-   * - Max 1024 characters
-   * - Non-empty
-   */ validateDescription(description) {
-        const errors = [];
-        if (!description) {
-            errors.push({
-                field: 'description',
-                message: 'Description is required',
-                suggestion: 'Add "description" field to SKILL.md frontmatter'
+            // Long base64-like strings (>200 continuous chars)
+            const base64Pattern = /[A-Za-z0-9+/=]{200,}/;
+            for(let i = 0; i < lines.length; i++)if (base64Pattern.test(lines[i])) matches.push({
+                line: i + 1,
+                snippet: 'Suspicious base64-encoded block detected'
             });
-            return {
-                valid: false,
-                errors,
-                warnings: []
-            };
+            // Large HTML comments (>200 chars of content)
+            const commentRegex = /<!--([\s\S]{200,}?)-->/g;
+            let match;
+            // biome-ignore lint/suspicious/noAssignInExpressions: standard regex exec loop
+            while(null !== (match = commentRegex.exec(content))){
+                const lineNum = content.slice(0, match.index).split('\n').length;
+                matches.push({
+                    line: lineNum,
+                    snippet: `Large HTML comment block (${match[1].length} chars)`
+                });
+            }
+            return matches;
         }
-        if (description.length > MAX_DESCRIPTION_LENGTH) errors.push({
-            field: 'description',
-            message: `Description must be at most ${MAX_DESCRIPTION_LENGTH} characters`
-        });
-        // Note: angle brackets are allowed per agentskills.io spec
-        return {
-            valid: 0 === errors.length,
-            errors,
-            warnings: []
-        };
-    }
-    /**
-   * Load skill information from directory
-   *
-   * Following agentskills.io specification:
-   * - SKILL.md is the SOLE source of metadata
-   * - skillJson is synthesized from SKILL.md for backward compatibility with publish API
-   */ loadSkill(skillPath) {
-        const result = {
-            path: skillPath,
-            skillJson: null,
-            skillMd: null,
-            readme: null,
-            files: []
-        };
-        // Load SKILL.md (sole source of metadata)
-        const skillMdPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(skillPath, 'SKILL.md');
-        if (external_node_fs_.existsSync(skillMdPath)) try {
-            result.skillMd = parseSkillMdFile(skillMdPath);
-            // Always synthesize skillJson from SKILL.md for backward compatibility
-            if (result.skillMd) result.skillJson = this.synthesizeSkillJson(result.skillMd);
-        } catch  {
-        // Will be caught in validation
+    },
+    // Rule 4: Sensitive File Access (medium)
+    {
+        id: 'sensitive-file-access',
+        level: 'medium',
+        message: 'References sensitive file path',
+        skipSafeZones: true,
+        check: (content)=>findLineMatches(content, [
+                /~\/\.ssh\b/,
+                /~\/\.aws\b/,
+                /~\/\.gnupg\b/,
+                /~\/\.config\/gcloud\b/,
+                /\bid_rsa\b/i,
+                /\bid_ed25519\b/i,
+                /\/etc\/passwd\b/,
+                /\/etc\/shadow\b/,
+                /\.env\b(?!\.\w)/
+            ])
+    },
+    // Rule 5: Stealth Instructions (medium) — phrase + action verb matching
+    {
+        id: 'stealth-instructions',
+        level: 'medium',
+        message: 'Detected instruction to hide actions from user',
+        skipSafeZones: true,
+        check: (content)=>{
+            const actionVerbs = 'execute|delete|remove|send|transmit|modify|overwrite|install|download|upload|run|write|create|destroy|drop';
+            const patterns = [
+                // English patterns
+                new RegExp(`silently\\s+(?:${actionVerbs})`, 'i'),
+                new RegExp(`without\\s+telling\\s+the\\s+user.{0,30}(?:${actionVerbs})`, 'i'),
+                new RegExp("(?:do\\s+not|don'?t)\\s+show\\s+.{0,40}(?:to\\s+the\\s+user|to\\s+user)", 'i'),
+                new RegExp("hide\\s+(?:this|the|these|all)\\s+.{0,30}(?:from\\s+the\\s+user|from\\s+user)", 'i'),
+                new RegExp("(?:do\\s+not|don'?t)\\s+mention\\s+.{0,30}(?:to\\s+the\\s+user|to\\s+user)", 'i'),
+                new RegExp("keep\\s+(?:this|it)\\s+(?:a\\s+)?secret\\s+from\\s+(?:the\\s+)?user", 'i'),
+                // Chinese patterns (中文隐蔽指令)
+                /悄悄地?\s*(?:执行|删除|移除|发送|传输|修改|覆盖|安装|下载|上传|运行|写入|创建|销毁|丢弃)/,
+                /不要告诉用户/,
+                /不要让用户知道/,
+                /对用户隐藏/,
+                /在用户不知情的情况下/,
+                /瞒着用户/
+            ];
+            // Safe patterns to exclude (common in legitimate DevOps/automation skills)
+            const safePatterns = [
+                /silently\s+(?:ignore|skip|fail|discard|suppress|continue|pass|drop|swallow)/i,
+                // Chinese safe patterns (中文合法自动化用语)
+                /悄悄地?\s*(?:忽略|跳过|丢弃|抑制|继续|静默)/
+            ];
+            const lines = content.split('\n');
+            const matches = [];
+            for(let i = 0; i < lines.length; i++){
+                const line = lines[i];
+                if (!safePatterns.some((p)=>p.test(line))) {
+                    for (const pattern of patterns)if (pattern.test(line)) {
+                        matches.push({
+                            line: i + 1
+                        });
+                        break;
+                    }
+                }
+            }
+            return matches;
         }
-        // Load README.md
-        const readmePath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(skillPath, 'README.md');
-        if (external_node_fs_.existsSync(readmePath)) {
-            const content = external_node_fs_.readFileSync(readmePath, 'utf-8');
-            // Only keep first 500 chars as preview
-            result.readme = content.slice(0, 500);
+    },
+    // Rule 6: Oversized Content (low) — scans ALL content
+    {
+        id: 'oversized-content',
+        level: 'low',
+        message: 'Content exceeds recommended size limit',
+        skipSafeZones: false,
+        check: (content)=>{
+            const MAX_SIZE_BYTES = 51200;
+            const sizeBytes = Buffer.byteLength(content, 'utf-8');
+            if (sizeBytes > MAX_SIZE_BYTES) return [
+                {
+                    snippet: `Content size: ${(sizeBytes / 1024).toFixed(1)}KB (limit: 50KB)`
+                }
+            ];
+            return [];
         }
-        // Scan files (use files array from SKILL.md metadata if available)
-        const filesPattern = result.skillMd?.metadata?.files;
-        result.files = this.scanFiles(skillPath, filesPattern);
-        return result;
+    }
+];
+// ============================================================================
+// ContentScanner
+// ============================================================================
+/** Build the effective rule set from defaults + options */ function buildRuleSet(options) {
+    let rules = DEFAULT_RULES.map((r)=>({
+            ...r
+        }));
+    if (options?.disabledRules?.length) {
+        const disabled = new Set(options.disabledRules);
+        rules = rules.filter((r)=>!disabled.has(r.id));
+    }
+    if (options?.overrides) for (const rule of rules){
+        const override = options.overrides[rule.id];
+        if (override) rule.level = override;
+    }
+    if (options?.customRules?.length) rules.push(...options.customRules);
+    return rules;
+}
+/**
+ * Content scanner for SKILL.md files.
+ *
+ * Detects prompt injection, data exfiltration, obfuscation, sensitive file
+ * access, stealth instructions, and oversized content.
+ *
+ * @example
+ * ```typescript
+ * // Default usage (CLI)
+ * const scanner = new ContentScanner();
+ * const result = scanner.scan(content);
+ *
+ * // Custom usage (private registry server)
+ * const scanner = new ContentScanner({
+ *   overrides: { 'prompt-injection': 'medium' },
+ *   disabledRules: ['stealth-instructions'],
+ * });
+ * ```
+ */ class ContentScanner {
+    rules;
+    constructor(options){
+        this.rules = buildRuleSet(options);
     }
     /**
-   * Synthesize a SkillJson object from SKILL.md frontmatter
-   *
-   * This creates a SkillJson representation from SKILL.md for backward compatibility
-   * with the publish API. All metadata comes from SKILL.md.
-   */ synthesizeSkillJson(skillMd) {
-        // Extract version: first from top-level frontmatter, then from metadata, then default
-        const version = skillMd.version || skillMd.metadata?.version || DEFAULT_VERSION;
-        // Only include keywords if it's a valid array
-        const keywords = Array.isArray(skillMd.metadata?.keywords) ? skillMd.metadata.keywords : void 0;
+   * Scan content string for malicious patterns.
+   * Pure string operation — no file system access.
+   */ scan(content) {
+        const originalLines = content.split('\n');
+        const maskedContent = maskSafeZones(content);
+        const findings = [];
+        for (const rule of this.rules){
+            const targetContent = rule.skipSafeZones ? maskedContent : content;
+            const matches = rule.check(targetContent);
+            for (const match of matches){
+                // Use custom snippet if provided, otherwise generate from original content
+                const snippet = match.snippet ?? (null != match.line ? originalLines[match.line - 1]?.trim().slice(0, SNIPPET_MAX_LENGTH) : void 0);
+                findings.push({
+                    rule: rule.id,
+                    level: rule.level,
+                    message: rule.message,
+                    line: match.line,
+                    snippet
+                });
+            }
+        }
+        const hasHighRisk = findings.some((f)=>'high' === f.level);
         return {
-            name: skillMd.name,
-            version,
-            description: skillMd.description,
-            license: skillMd.license,
-            keywords,
-            entry: 'SKILL.md'
+            passed: !hasHighRisk,
+            findings
         };
     }
     /**
-   * Scan files to include in publish
-   *
-   * If includePatterns is specified, only include those files/directories.
-   * Otherwise, scan all files in the directory (excluding ignored patterns).
-   */ scanFiles(skillPath, includePatterns) {
-        const files = [];
-        const seen = new Set();
-        // If includePatterns specified, use selective scanning
-        if (includePatterns && includePatterns.length > 0) {
-            // Add default files first
-            for (const file of DEFAULT_FILES){
-                const filePath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(skillPath, file);
-                if (external_node_fs_.existsSync(filePath) && !seen.has(file)) {
-                    files.push(file);
-                    seen.add(file);
-                }
-            }
-            // Add files from SKILL.md metadata.files array
-            for (const pattern of includePatterns){
-                const targetPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(skillPath, pattern);
-                if (external_node_fs_.existsSync(targetPath)) {
-                    const stat = external_node_fs_.statSync(targetPath);
-                    if (stat.isDirectory()) // Recursively add all files in directory
-                    this.addFilesFromDir(skillPath, pattern, files, seen);
-                    else if (!seen.has(pattern)) {
-                        files.push(pattern);
-                        seen.add(pattern);
-                    }
-                }
-            }
-        } else // No includePatterns: scan entire directory (default behavior)
-        this.addFilesFromDir(skillPath, '', files, seen);
-        return files;
+   * Scan a file for malicious patterns.
+   * Convenience wrapper that reads the file then calls scan().
+   */ scanFile(filePath) {
+        if (!external_node_fs_.existsSync(filePath)) throw new Error(`File not found: ${filePath}`);
+        const content = external_node_fs_.readFileSync(filePath, 'utf-8');
+        return this.scan(content);
+    }
+}
+/**
+ * Publisher - Handle Git information and publish payload building
+ *
+ * Extracts Git metadata and builds the payload for publishing to registry.
+ */ class PublishError extends Error {
+    constructor(message){
+        super(message);
+        this.name = 'PublishError';
     }
+}
+// ============================================================================
+// Publisher Class
+// ============================================================================
+class Publisher {
     /**
-   * Patterns to ignore when scanning directories
-   */ static IGNORE_PATTERNS = [
-        '.git',
-        '.svn',
-        '.hg',
-        'node_modules',
-        '.DS_Store',
-        'Thumbs.db',
-        '.idea',
-        '.vscode',
-        '*.log',
-        '*.tmp',
-        '*.swp',
-        '*.bak'
-    ];
+   * Get Git information from a skill directory
+   */ async getGitInfo(skillPath, specifiedTag) {
+        const info = {
+            isRepo: false,
+            remoteUrl: null,
+            currentBranch: null,
+            currentCommit: null,
+            commitDate: null,
+            tag: null,
+            tagCommit: null,
+            isDirty: false,
+            sourceRef: null
+        };
+        // Check if it's a git repository
+        try {
+            (0, __WEBPACK_EXTERNAL_MODULE_node_child_process__.execSync)('git rev-parse --git-dir', {
+                cwd: skillPath,
+                stdio: 'pipe'
+            });
+            info.isRepo = true;
+        } catch  {
+            return info;
+        }
+        // Get remote URL
+        try {
+            info.remoteUrl = (0, __WEBPACK_EXTERNAL_MODULE_node_child_process__.execSync)('git remote get-url origin', {
+                cwd: skillPath,
+                encoding: 'utf-8'
+            }).trim();
+            // Parse to sourceRef format
+            info.sourceRef = this.parseRemoteToSourceRef(info.remoteUrl);
+        } catch  {
+        // No remote configured
+        }
+        // Get current branch
+        try {
+            info.currentBranch = (0, __WEBPACK_EXTERNAL_MODULE_node_child_process__.execSync)('git branch --show-current', {
+                cwd: skillPath,
+                encoding: 'utf-8'
+            }).trim() || null;
+        } catch  {
+        // Detached HEAD or other error
+        }
+        // Get current commit
+        try {
+            info.currentCommit = (0, __WEBPACK_EXTERNAL_MODULE_node_child_process__.execSync)('git rev-parse HEAD', {
+                cwd: skillPath,
+                encoding: 'utf-8'
+            }).trim();
+            // Get commit date
+            info.commitDate = (0, __WEBPACK_EXTERNAL_MODULE_node_child_process__.execSync)('git show -s --format=%cI HEAD', {
+                cwd: skillPath,
+                encoding: 'utf-8'
+            }).trim();
+        } catch  {
+        // No commits yet
+        }
+        // Get tag
+        if (specifiedTag) // Use specified tag
+        try {
+            info.tagCommit = (0, __WEBPACK_EXTERNAL_MODULE_node_child_process__.execSync)(`git rev-parse "${specifiedTag}^{commit}"`, {
+                cwd: skillPath,
+                encoding: 'utf-8'
+            }).trim();
+            info.tag = specifiedTag;
+        } catch  {
+            throw new PublishError(`Tag "${specifiedTag}" not found`);
+        }
+        else // Try to get tag on current commit
+        try {
+            const tag = (0, __WEBPACK_EXTERNAL_MODULE_node_child_process__.execSync)('git describe --exact-match --tags HEAD', {
+                cwd: skillPath,
+                encoding: 'utf-8'
+            }).trim();
+            info.tag = tag;
+            info.tagCommit = info.currentCommit;
+        } catch  {
+        // No tag on current commit
+        }
+        // Check if working tree is dirty
+        try {
+            const status = (0, __WEBPACK_EXTERNAL_MODULE_node_child_process__.execSync)('git status --porcelain', {
+                cwd: skillPath,
+                encoding: 'utf-8'
+            }).trim();
+            info.isDirty = status.length > 0;
+        } catch  {
+        // Ignore errors
+        }
+        return info;
+    }
     /**
-   * Check if a file/directory should be ignored
-   */ shouldIgnore(name) {
-        for (const pattern of SkillValidator.IGNORE_PATTERNS)if (pattern.startsWith('*')) {
-            // Wildcard pattern (e.g., *.log)
-            const ext = pattern.slice(1);
-            if (name.endsWith(ext)) return true;
-        } else if (name === pattern) return true;
-        return false;
+   * Parse remote URL to sourceRef format (e.g., github:user/repo)
+   */ parseRemoteToSourceRef(remoteUrl) {
+        // SSH format: git@github.com:user/repo.git
+        const sshMatch = remoteUrl.match(/^git@([^:]+):([^/]+)\/(.+?)(\.git)?$/);
+        if (sshMatch) {
+            const [, host, owner, repo] = sshMatch;
+            const registry = this.normalizeHost(host);
+            return `${registry}:${owner}/${repo.replace(/\.git$/, '')}`;
+        }
+        // HTTPS format: https://github.com/user/repo.git
+        const httpsMatch = remoteUrl.match(/^https?:\/\/([^/]+)\/([^/]+)\/(.+?)(\.git)?$/);
+        if (httpsMatch) {
+            const [, host, owner, repo] = httpsMatch;
+            const registry = this.normalizeHost(host);
+            return `${registry}:${owner}/${repo.replace(/\.git$/, '')}`;
+        }
+        return null;
     }
     /**
-   * Recursively add files from directory
-   */ addFilesFromDir(basePath, dirPath, files, seen) {
-        const fullPath = dirPath ? __WEBPACK_EXTERNAL_MODULE_node_path__.join(basePath, dirPath) : basePath;
-        const entries = external_node_fs_.readdirSync(fullPath, {
-            withFileTypes: true
-        });
-        for (const entry of entries){
-            // Skip ignored files/directories
-            if (this.shouldIgnore(entry.name)) continue;
-            const relativePath = dirPath ? __WEBPACK_EXTERNAL_MODULE_node_path__.join(dirPath, entry.name) : entry.name;
-            if (entry.isDirectory()) this.addFilesFromDir(basePath, relativePath, files, seen);
-            else if (!seen.has(relativePath)) {
-                files.push(relativePath);
-                seen.add(relativePath);
+   * Normalize host to registry name
+   */ normalizeHost(host) {
+        if ('github.com' === host) return 'github';
+        if ('gitlab.com' === host) return 'gitlab';
+        return host;
+    }
+    /**
+   * Build publish payload
+   */ buildPayload(skill, gitInfo, integrity) {
+        const { skillJson, skillMd, readme, files } = skill;
+        const payload = {
+            version: skillJson.version,
+            description: skillJson.description || '',
+            gitRef: gitInfo.tag || gitInfo.currentCommit || 'HEAD',
+            gitCommit: gitInfo.tagCommit || gitInfo.currentCommit || '',
+            gitCommitDate: gitInfo.commitDate || void 0,
+            repositoryUrl: gitInfo.remoteUrl || '',
+            sourceRef: gitInfo.sourceRef || '',
+            skillJson,
+            files,
+            entry: skillJson.entry || 'SKILL.md',
+            integrity
+        };
+        // Add optional fields
+        if (skillMd) payload.skillMd = {
+            name: skillMd.name,
+            description: skillMd.description,
+            license: skillMd.license,
+            compatibility: skillMd.compatibility,
+            allowedTools: skillMd.allowedTools
+        };
+        if (readme) payload.readmePreview = readme;
+        if (skillJson.keywords && skillJson.keywords.length > 0) payload.keywords = skillJson.keywords;
+        if (skillJson.compatibility) {
+            // Filter out undefined values from compatibility
+            const compat = {};
+            for (const [key, value] of Object.entries(skillJson.compatibility))if (void 0 !== value) compat[key] = value;
+            if (Object.keys(compat).length > 0) payload.compatibility = compat;
+        }
+        return payload;
+    }
+    /**
+   * Format bytes for display
+   */ formatBytes(bytes) {
+        if (bytes < 1024) return `${bytes} B`;
+        if (bytes < 1048576) return `${(bytes / 1024).toFixed(1)} KB`;
+        return `${(bytes / 1048576).toFixed(1)} MB`;
+    }
+    /**
+   * Calculate total size of files
+   */ calculateTotalSize(skillPath, files) {
+        let total = 0;
+        for (const file of files){
+            const filePath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(skillPath, file);
+            if (external_node_fs_.existsSync(filePath)) {
+                const stats = external_node_fs_.statSync(filePath);
+                total += stats.size;
             }
         }
+        return total;
     }
+}
+/**
+ * SkillValidator - Validate skills for publishing
+ *
+ * Following agentskills.io specification: https://agentskills.io/specification
+ *
+ * Key points:
+ * - SKILL.md is the SOLE source of metadata (name, description, version, etc.)
+ * - skill.json is NOT used - all metadata comes from SKILL.md frontmatter
+ * - Version defaults to "0.0.0" if not specified in SKILL.md
+ */ // ============================================================================
+// Constants
+// ============================================================================
+const MAX_NAME_LENGTH = 64;
+const MAX_DESCRIPTION_LENGTH = 1024;
+const MAX_KEYWORDS = 10;
+const SINGLE_CHAR_NAME_PATTERN = /^[a-z0-9]$/;
+const DEFAULT_VERSION = '0.0.0';
+// Default files to include in publish
+const DEFAULT_FILES = [
+    'SKILL.md',
+    'README.md',
+    'LICENSE'
+];
+// ============================================================================
+// SkillValidator Class
+// ============================================================================
+class SkillValidator {
     /**
-   * Validate a skill directory for publishing
+   * Validate skill name format
    *
-   * Following agentskills.io specification:
-   * - SKILL.md is the SOLE source of metadata
-   * - name and description are REQUIRED in frontmatter
-   */ validate(skillPath) {
+   * Requirements:
+   * - Lowercase letters, numbers, and hyphens only
+   * - 1-64 characters
+   * - Cannot start or end with hyphen
+   * - Cannot have consecutive hyphens
+   */ validateName(name) {
         const errors = [];
-        const warnings = [];
-        // Check SKILL.md exists (REQUIRED per spec)
-        const skillMdPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(skillPath, 'SKILL.md');
-        if (!external_node_fs_.existsSync(skillMdPath)) {
+        if (!name) {
             errors.push({
-                field: 'SKILL.md',
-                message: 'SKILL.md not found. This file is required for publishing.',
-                suggestion: 'Create a SKILL.md file with name and description in YAML frontmatter'
+                field: 'name',
+                message: 'Skill name is required',
+                suggestion: 'Add "name" field to SKILL.md frontmatter'
             });
             return {
                 valid: false,
                 errors,
-                warnings
+                warnings: []
             };
         }
-        // Parse SKILL.md
-        let skillMd;
-        try {
-            skillMd = parseSkillMdFile(skillMdPath);
-            if (!skillMd) {
-                errors.push({
-                    field: 'SKILL.md',
-                    message: 'SKILL.md must have valid YAML frontmatter with name and description',
-                    suggestion: 'Add frontmatter: ---\\nname: your-skill\\ndescription: Your description\\n---'
-                });
-                return {
-                    valid: false,
-                    errors,
-                    warnings
-                };
-            }
-        } catch (error) {
+        if (name.length > MAX_NAME_LENGTH) errors.push({
+            field: 'name',
+            message: `Skill name must be at most ${MAX_NAME_LENGTH} characters`,
+            suggestion: `Shorten the name to ${MAX_NAME_LENGTH} characters or less`
+        });
+        // Check for uppercase
+        if (/[A-Z]/.test(name)) errors.push({
+            field: 'name',
+            message: 'Skill name must be lowercase',
+            suggestion: `Change "${name}" to "${name.toLowerCase()}"`
+        });
+        // Check for invalid characters
+        if (/[^a-z0-9-]/.test(name)) errors.push({
+            field: 'name',
+            message: 'Skill name can only contain lowercase letters, numbers, and hyphens',
+            suggestion: 'Remove special characters from the name'
+        });
+        // Check pattern for multi-char names
+        if (1 === name.length) {
+            if (!SINGLE_CHAR_NAME_PATTERN.test(name)) errors.push({
+                field: 'name',
+                message: 'Single character name must be a lowercase letter or number'
+            });
+        } else if (name.length > 1) {
+            // Check start/end with hyphen
+            if (name.startsWith('-')) errors.push({
+                field: 'name',
+                message: 'Skill name cannot start with a hyphen'
+            });
+            if (name.endsWith('-')) errors.push({
+                field: 'name',
+                message: 'Skill name cannot end with a hyphen'
+            });
+            // Check consecutive hyphens
+            if (/--/.test(name)) errors.push({
+                field: 'name',
+                message: 'Skill name cannot contain consecutive hyphens'
+            });
+        }
+        return {
+            valid: 0 === errors.length,
+            errors,
+            warnings: []
+        };
+    }
+    /**
+   * Validate version format (semver)
+   */ validateVersion(version) {
+        const errors = [];
+        if (!version) {
             errors.push({
-                field: 'SKILL.md',
-                message: `Failed to parse SKILL.md: ${error.message}`,
-                suggestion: 'Check the YAML frontmatter syntax is valid'
+                field: 'version',
+                message: 'Version is required',
+                suggestion: 'Add "version" field to SKILL.md frontmatter (e.g., "1.0.0")'
             });
             return {
                 valid: false,
                 errors,
-                warnings
+                warnings: []
             };
         }
-        // Validate name from SKILL.md
-        const nameResult = this.validateName(skillMd.name);
-        errors.push(...nameResult.errors);
-        // Validate description from SKILL.md
-        const descResult = this.validateDescription(skillMd.description);
-        errors.push(...descResult.errors);
-        // Check version in SKILL.md
-        const skillMdVersion = skillMd.version || skillMd.metadata?.version;
-        if (skillMdVersion) {
-            // Validate the version from SKILL.md
-            const versionResult = this.validateVersion(skillMdVersion);
-            errors.push(...versionResult.errors);
-        } else warnings.push({
+        // Check for v prefix
+        if (version.startsWith('v')) {
+            errors.push({
+                field: 'version',
+                message: 'Version should not have "v" prefix',
+                suggestion: `Change "${version}" to "${version.slice(1)}"`
+            });
+            return {
+                valid: false,
+                errors,
+                warnings: []
+            };
+        }
+        if (!__WEBPACK_EXTERNAL_MODULE_semver__.valid(version)) errors.push({
             field: 'version',
-            message: `No version specified, defaulting to "${DEFAULT_VERSION}"`,
-            suggestion: 'Add version in SKILL.md frontmatter'
-        });
-        // Check keywords count (only if metadata.keywords is a valid array)
-        const keywords = skillMd.metadata?.keywords;
-        if (Array.isArray(keywords) && keywords.length > MAX_KEYWORDS) warnings.push({
-            field: 'keywords',
-            message: `Too many keywords (${keywords.length}). Recommended max: ${MAX_KEYWORDS}`
-        });
-        // Check license
-        if (!skillMd.license) warnings.push({
-            field: 'license',
-            message: 'No license specified',
-            suggestion: 'Add license in SKILL.md frontmatter'
+            message: `Invalid version format: "${version}". Must follow semver (x.y.z)`,
+            suggestion: 'Use format like "1.0.0" or "1.0.0-beta.1"'
         });
         return {
             valid: 0 === errors.length,
             errors,
-            warnings
+            warnings: []
         };
     }
     /**
-   * Generate integrity hash for files
-   */ generateIntegrity(skillPath, files) {
-        const hash = __WEBPACK_EXTERNAL_MODULE_node_crypto__.createHash('sha256');
-        // Sort files for consistent ordering
-        const sortedFiles = [
-            ...files
-        ].sort();
-        for (const file of sortedFiles){
-            const filePath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(skillPath, file);
-            if (external_node_fs_.existsSync(filePath)) {
-                hash.update(file);
-                const content = external_node_fs_.readFileSync(filePath);
-                hash.update(content);
-            }
-        }
-        return `sha256-${hash.digest('hex')}`;
-    }
-}
-/**
- * ContentScanner - Detect malicious patterns in SKILL.md content
- *
- * Features:
- * - Context-aware: skips safe zones (frontmatter, code blocks, quotes, blockquotes)
- * - 6 built-in detection rules across 3 risk levels
- * - Configurable: override levels, disable rules, add custom rules
- * - Pure string operations in scan() — no fs dependency, suitable for server use
- * - scanFile() convenience method for CLI use
- */ // ============================================================================
-// Safe Zone Masking
-// ============================================================================
-/**
- * Mask safe zones in Markdown content with spaces, preserving line structure.
- *
- * Safe zones (content replaced with spaces):
- * - YAML frontmatter (`---` ... `---` at file start)
- * - Fenced code blocks (``` or ~~~)
- * - Indented code blocks (4 spaces / tab after blank line)
- * - Blockquotes (`> ` prefix)
- * - Inline code (`` `...` ``)
- * - Double-quoted text (`"..."`, min 3 chars between quotes)
- *
- * Line breaks are preserved so line numbers remain correct.
- */ function maskSafeZones(content) {
-    const lines = content.split('\n');
-    const result = [];
-    let inFrontmatter = false;
-    let inFencedCode = false;
-    let fenceChar = '';
-    let fenceLength = 0;
-    let prevLineBlank = false;
-    let prevLineIndentedCode = false;
-    for(let i = 0; i < lines.length; i++){
-        const line = lines[i];
-        // --- YAML Frontmatter (only at file start) ---
-        if (0 === i && '---' === line.trim()) {
-            inFrontmatter = true;
-            result.push(maskLine(line));
-            continue;
-        }
-        if (inFrontmatter) {
-            result.push(maskLine(line));
-            if ('---' === line.trim()) inFrontmatter = false;
-            continue;
-        }
-        // --- Fenced code blocks (``` or ~~~) ---
-        const fenceMatch = line.match(/^(`{3,}|~{3,})/);
-        if (!inFencedCode && fenceMatch) {
-            inFencedCode = true;
-            fenceChar = fenceMatch[1][0];
-            fenceLength = fenceMatch[1].length;
-            result.push(maskLine(line));
-            prevLineBlank = false;
-            prevLineIndentedCode = false;
-            continue;
-        }
-        if (inFencedCode) {
-            result.push(maskLine(line));
-            const closeMatch = line.match(/^(`{3,}|~{3,})\s*$/);
-            if (closeMatch && closeMatch[1][0] === fenceChar && closeMatch[1].length >= fenceLength) inFencedCode = false;
-            prevLineBlank = false;
-            prevLineIndentedCode = false;
-            continue;
-        }
-        // --- Blockquote ---
-        if (/^>\s?/.test(line)) {
-            result.push(maskLine(line));
-            prevLineBlank = false;
-            prevLineIndentedCode = false;
-            continue;
-        }
-        // --- Indented code block (4 spaces or tab, after blank line) ---
-        if (/^(?:    |\t)/.test(line) && (prevLineBlank || prevLineIndentedCode)) {
-            result.push(maskLine(line));
-            prevLineBlank = false;
-            prevLineIndentedCode = true;
-            continue;
+   * Validate description
+   *
+   * Following agentskills.io specification:
+   * - Max 1024 characters
+   * - Non-empty
+   */ validateDescription(description) {
+        const errors = [];
+        if (!description) {
+            errors.push({
+                field: 'description',
+                message: 'Description is required',
+                suggestion: 'Add "description" field to SKILL.md frontmatter'
+            });
+            return {
+                valid: false,
+                errors,
+                warnings: []
+            };
         }
-        // --- Normal line: mask inline code and double-quoted text ---
-        result.push(maskInline(line));
-        prevLineBlank = '' === line.trim();
-        prevLineIndentedCode = false;
-    }
-    return result.join('\n');
-}
-/** Replace all characters in a line with spaces (preserving length) */ function maskLine(line) {
-    return ' '.repeat(line.length);
-}
-/**
- * Mask inline code (`` `...` ``) and double-quoted text (`"..."`) within a line.
- * Uses regex replacement for efficiency (avoids char-by-char concatenation on long lines).
- * Single quotes are NOT masked to avoid false matches with apostrophes.
- */ function maskInline(line) {
-    let result = line;
-    // Inline code: `...`
-    result = result.replace(/`[^`]+`/g, (m)=>' '.repeat(m.length));
-    // Double-quoted text: "..." (min 3 chars between quotes)
-    result = result.replace(/"[^"]{3,}"/g, (m)=>' '.repeat(m.length));
-    return result;
-}
-// ============================================================================
-// Rule Helpers
-// ============================================================================
-/** Find lines matching any of the given patterns, return one match per line */ function findLineMatches(content, patterns) {
-    const lines = content.split('\n');
-    const matches = [];
-    for(let i = 0; i < lines.length; i++)for (const pattern of patterns)if (pattern.test(lines[i])) {
-        matches.push({
-            line: i + 1
+        if (description.length > MAX_DESCRIPTION_LENGTH) errors.push({
+            field: 'description',
+            message: `Description must be at most ${MAX_DESCRIPTION_LENGTH} characters`
         });
-        break;
+        // Note: angle brackets are allowed per agentskills.io spec
+        return {
+            valid: 0 === errors.length,
+            errors,
+            warnings: []
+        };
     }
-    return matches;
-}
-// ============================================================================
-// Default Rules
-// ============================================================================
-const SNIPPET_MAX_LENGTH = 120;
-/** Built-in detection rules */ const DEFAULT_RULES = [
-    // Rule 1: Prompt Injection (high)
-    {
-        id: 'prompt-injection',
-        level: 'high',
-        message: 'Detected prompt injection attempt',
-        skipSafeZones: true,
-        check: (content)=>findLineMatches(content, [
-                // English patterns
-                /ignore\s+(all\s+)?previous\s+instructions/i,
-                /disregard\s+(all\s+)?(prior|previous|above)\s+(instructions|rules|context)/i,
-                /you\s+are\s+now\s+(?:(?:a|an)\s+)?(?:(?:\w+\s+){0,3}(?:agent|ai|assistant|bot|model|character|persona|entity|system)|DAN\b|jailbr\w*|unrestricted|unfiltered|free\s+from)/i,
-                /from\s+now\s+on[,\s]+you\s+are/i,
-                /new\s+system\s+prompt/i,
-                /override\s+(your|the)\s+(system|safety|security)\s+(prompt|rules|instructions)/i,
-                /forget\s+(?:all\s+)?(?:your\s+)?(?:previous\s+|prior\s+)?(?:instructions|rules|constraints)/i,
-                /(?:you\s+are|you're)\s+(?:now\s+)?entering\s+(?:a\s+)?new\s+(?:mode|context|session)/i,
-                // Chinese patterns (中文提示词注入)
-                /[忽无][略视]\s*(所有\s*)?(之前的?|先前的?|以前的?)?\s*(指令|指示|规则|约束|限制)/,
-                /你现在是/,
-                /从现在开始.{0,10}你是/,
-                /新的系统提示词/,
-                /[覆改]写?\s*(你的|系统)\s*(提示词|规则|指令|安全)/,
-                /忘记\s*(所有\s*)?(之前的?|先前的?)?\s*(指令|指示|规则|约束)/,
-                /进入.{0,5}新的?\s*(模式|上下文|会话)/,
-                /不要遵守.{0,10}(安全|限制|规则|约束)/,
-                /解除.{0,5}(限制|约束|安全)/,
-                /无限制模式/,
-                /安全模式已关闭/
-            ])
-    },
-    // Rule 2: Data Exfiltration (high)
-    {
-        id: 'data-exfiltration',
-        level: 'high',
-        message: 'Detected potential data exfiltration command',
-        skipSafeZones: true,
-        check: (content)=>{
-            const lines = content.split('\n');
-            const matches = [];
-            const commandPattern = /\b(curl|wget|fetch|http\.post|requests\.post|nc\b|ncat|netcat)\b/i;
-            const sensitivePattern = /(\$[A-Z_]*(?:KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL|AUTH)[A-Z_]*|\$ENV\b|\$\{[^}]*(?:KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL)[^}]*\})/i;
-            for(let i = 0; i < lines.length; i++)if (commandPattern.test(lines[i]) && sensitivePattern.test(lines[i])) matches.push({
-                line: i + 1
-            });
-            return matches;
+    /**
+   * Load skill information from directory
+   *
+   * Following agentskills.io specification:
+   * - SKILL.md is the SOLE source of metadata
+   * - skillJson is synthesized from SKILL.md for backward compatibility with publish API
+   */ loadSkill(skillPath) {
+        const result = {
+            path: skillPath,
+            skillJson: null,
+            skillMd: null,
+            readme: null,
+            files: []
+        };
+        // Load SKILL.md (sole source of metadata)
+        const skillMdPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(skillPath, 'SKILL.md');
+        if (external_node_fs_.existsSync(skillMdPath)) try {
+            result.skillMd = parseSkillMdFile(skillMdPath);
+            // Always synthesize skillJson from SKILL.md for backward compatibility
+            if (result.skillMd) result.skillJson = this.synthesizeSkillJson(result.skillMd);
+        } catch  {
+        // Will be caught in validation
         }
-    },
-    // Rule 3: Content Obfuscation (high) — scans ALL content including safe zones
-    {
-        id: 'obfuscation',
-        level: 'high',
-        message: 'Detected content obfuscation',
-        skipSafeZones: false,
-        check: (content)=>{
-            const matches = [];
-            const lines = content.split('\n');
-            // Zero-width characters (suspicious in any context)
-            const zeroWidthPattern = /[\u200B\u200C\u200D\uFEFF\u2060\u180E]/;
-            for(let i = 0; i < lines.length; i++)if (zeroWidthPattern.test(lines[i])) matches.push({
-                line: i + 1,
-                snippet: 'Zero-width Unicode characters detected'
-            });
-            // Long base64-like strings (>200 continuous chars)
-            const base64Pattern = /[A-Za-z0-9+/=]{200,}/;
-            for(let i = 0; i < lines.length; i++)if (base64Pattern.test(lines[i])) matches.push({
-                line: i + 1,
-                snippet: 'Suspicious base64-encoded block detected'
-            });
-            // Large HTML comments (>200 chars of content)
-            const commentRegex = /<!--([\s\S]{200,}?)-->/g;
-            let match;
-            // biome-ignore lint/suspicious/noAssignInExpressions: standard regex exec loop
-            while(null !== (match = commentRegex.exec(content))){
-                const lineNum = content.slice(0, match.index).split('\n').length;
-                matches.push({
-                    line: lineNum,
-                    snippet: `Large HTML comment block (${match[1].length} chars)`
-                });
-            }
-            return matches;
+        // Load README.md
+        const readmePath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(skillPath, 'README.md');
+        if (external_node_fs_.existsSync(readmePath)) {
+            const content = external_node_fs_.readFileSync(readmePath, 'utf-8');
+            // Only keep first 500 chars as preview
+            result.readme = content.slice(0, 500);
         }
-    },
-    // Rule 4: Sensitive File Access (medium)
-    {
-        id: 'sensitive-file-access',
-        level: 'medium',
-        message: 'References sensitive file path',
-        skipSafeZones: true,
-        check: (content)=>findLineMatches(content, [
-                /~\/\.ssh\b/,
-                /~\/\.aws\b/,
-                /~\/\.gnupg\b/,
-                /~\/\.config\/gcloud\b/,
-                /\bid_rsa\b/i,
-                /\bid_ed25519\b/i,
-                /\/etc\/passwd\b/,
-                /\/etc\/shadow\b/,
-                /\.env\b(?!\.\w)/
-            ])
-    },
-    // Rule 5: Stealth Instructions (medium) — phrase + action verb matching
-    {
-        id: 'stealth-instructions',
-        level: 'medium',
-        message: 'Detected instruction to hide actions from user',
-        skipSafeZones: true,
-        check: (content)=>{
-            const actionVerbs = 'execute|delete|remove|send|transmit|modify|overwrite|install|download|upload|run|write|create|destroy|drop';
-            const patterns = [
-                // English patterns
-                new RegExp(`silently\\s+(?:${actionVerbs})`, 'i'),
-                new RegExp(`without\\s+telling\\s+the\\s+user.{0,30}(?:${actionVerbs})`, 'i'),
-                new RegExp("(?:do\\s+not|don'?t)\\s+show\\s+.{0,40}(?:to\\s+the\\s+user|to\\s+user)", 'i'),
-                new RegExp("hide\\s+(?:this|the|these|all)\\s+.{0,30}(?:from\\s+the\\s+user|from\\s+user)", 'i'),
-                new RegExp("(?:do\\s+not|don'?t)\\s+mention\\s+.{0,30}(?:to\\s+the\\s+user|to\\s+user)", 'i'),
-                new RegExp("keep\\s+(?:this|it)\\s+(?:a\\s+)?secret\\s+from\\s+(?:the\\s+)?user", 'i'),
-                // Chinese patterns (中文隐蔽指令)
-                /悄悄地?\s*(?:执行|删除|移除|发送|传输|修改|覆盖|安装|下载|上传|运行|写入|创建|销毁|丢弃)/,
-                /不要告诉用户/,
-                /不要让用户知道/,
-                /对用户隐藏/,
-                /在用户不知情的情况下/,
-                /瞒着用户/
-            ];
-            // Safe patterns to exclude (common in legitimate DevOps/automation skills)
-            const safePatterns = [
-                /silently\s+(?:ignore|skip|fail|discard|suppress|continue|pass|drop|swallow)/i,
-                // Chinese safe patterns (中文合法自动化用语)
-                /悄悄地?\s*(?:忽略|跳过|丢弃|抑制|继续|静默)/
-            ];
-            const lines = content.split('\n');
-            const matches = [];
-            for(let i = 0; i < lines.length; i++){
-                const line = lines[i];
-                if (!safePatterns.some((p)=>p.test(line))) {
-                    for (const pattern of patterns)if (pattern.test(line)) {
-                        matches.push({
-                            line: i + 1
-                        });
-                        break;
-                    }
+        // Scan files (use files array from SKILL.md metadata if available)
+        const filesPattern = result.skillMd?.metadata?.files;
+        result.files = this.scanFiles(skillPath, filesPattern);
+        return result;
+    }
+    /**
+   * Synthesize a SkillJson object from SKILL.md frontmatter
+   *
+   * This creates a SkillJson representation from SKILL.md for backward compatibility
+   * with the publish API. All metadata comes from SKILL.md.
+   */ synthesizeSkillJson(skillMd) {
+        // Extract version: first from top-level frontmatter, then from metadata, then default
+        const version = skillMd.version || skillMd.metadata?.version || DEFAULT_VERSION;
+        // Only include keywords if it's a valid array
+        const keywords = Array.isArray(skillMd.metadata?.keywords) ? skillMd.metadata.keywords : void 0;
+        return {
+            name: skillMd.name,
+            version,
+            description: skillMd.description,
+            license: skillMd.license,
+            keywords,
+            entry: 'SKILL.md'
+        };
+    }
+    /**
+   * Scan files to include in publish
+   *
+   * If includePatterns is specified, only include those files/directories.
+   * Otherwise, scan all files in the directory (excluding ignored patterns).
+   */ scanFiles(skillPath, includePatterns) {
+        const files = [];
+        const seen = new Set();
+        // If includePatterns specified, use selective scanning
+        if (includePatterns && includePatterns.length > 0) {
+            // Add default files first
+            for (const file of DEFAULT_FILES){
+                const filePath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(skillPath, file);
+                if (external_node_fs_.existsSync(filePath) && !seen.has(file)) {
+                    files.push(file);
+                    seen.add(file);
                 }
             }
-            return matches;
-        }
-    },
-    // Rule 6: Oversized Content (low) — scans ALL content
-    {
-        id: 'oversized-content',
-        level: 'low',
-        message: 'Content exceeds recommended size limit',
-        skipSafeZones: false,
-        check: (content)=>{
-            const MAX_SIZE_BYTES = 51200;
-            const sizeBytes = Buffer.byteLength(content, 'utf-8');
-            if (sizeBytes > MAX_SIZE_BYTES) return [
-                {
-                    snippet: `Content size: ${(sizeBytes / 1024).toFixed(1)}KB (limit: 50KB)`
+            // Add files from SKILL.md metadata.files array
+            for (const pattern of includePatterns){
+                const targetPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(skillPath, pattern);
+                if (external_node_fs_.existsSync(targetPath)) {
+                    const stat = external_node_fs_.statSync(targetPath);
+                    if (stat.isDirectory()) // Recursively add all files in directory
+                    this.addFilesFromDir(skillPath, pattern, files, seen);
+                    else if (!seen.has(pattern)) {
+                        files.push(pattern);
+                        seen.add(pattern);
+                    }
                 }
-            ];
-            return [];
-        }
-    }
-];
-// ============================================================================
-// ContentScanner
-// ============================================================================
-/** Build the effective rule set from defaults + options */ function buildRuleSet(options) {
-    let rules = DEFAULT_RULES.map((r)=>({
-            ...r
-        }));
-    if (options?.disabledRules?.length) {
-        const disabled = new Set(options.disabledRules);
-        rules = rules.filter((r)=>!disabled.has(r.id));
+            }
+        } else // No includePatterns: scan entire directory (default behavior)
+        this.addFilesFromDir(skillPath, '', files, seen);
+        return files;
     }
-    if (options?.overrides) for (const rule of rules){
-        const override = options.overrides[rule.id];
-        if (override) rule.level = override;
+    /**
+   * Patterns to ignore when scanning directories
+   */ static IGNORE_PATTERNS = [
+        '.git',
+        '.svn',
+        '.hg',
+        'node_modules',
+        '.DS_Store',
+        'Thumbs.db',
+        '.idea',
+        '.vscode',
+        '*.log',
+        '*.tmp',
+        '*.swp',
+        '*.bak'
+    ];
+    /**
+   * Check if a file/directory should be ignored
+   */ shouldIgnore(name) {
+        for (const pattern of SkillValidator.IGNORE_PATTERNS)if (pattern.startsWith('*')) {
+            // Wildcard pattern (e.g., *.log)
+            const ext = pattern.slice(1);
+            if (name.endsWith(ext)) return true;
+        } else if (name === pattern) return true;
+        return false;
     }
-    if (options?.customRules?.length) rules.push(...options.customRules);
-    return rules;
-}
-/**
- * Content scanner for SKILL.md files.
- *
- * Detects prompt injection, data exfiltration, obfuscation, sensitive file
- * access, stealth instructions, and oversized content.
- *
- * @example
- * ```typescript
- * // Default usage (CLI)
- * const scanner = new ContentScanner();
- * const result = scanner.scan(content);
- *
- * // Custom usage (private registry server)
- * const scanner = new ContentScanner({
- *   overrides: { 'prompt-injection': 'medium' },
- *   disabledRules: ['stealth-instructions'],
- * });
- * ```
- */ class ContentScanner {
-    rules;
-    constructor(options){
-        this.rules = buildRuleSet(options);
+    /**
+   * Recursively add files from directory
+   */ addFilesFromDir(basePath, dirPath, files, seen) {
+        const fullPath = dirPath ? __WEBPACK_EXTERNAL_MODULE_node_path__.join(basePath, dirPath) : basePath;
+        const entries = external_node_fs_.readdirSync(fullPath, {
+            withFileTypes: true
+        });
+        for (const entry of entries){
+            // Skip ignored files/directories
+            if (this.shouldIgnore(entry.name)) continue;
+            const relativePath = dirPath ? __WEBPACK_EXTERNAL_MODULE_node_path__.join(dirPath, entry.name) : entry.name;
+            if (entry.isDirectory()) this.addFilesFromDir(basePath, relativePath, files, seen);
+            else if (!seen.has(relativePath)) {
+                files.push(relativePath);
+                seen.add(relativePath);
+            }
+        }
     }
     /**
-   * Scan content string for malicious patterns.
-   * Pure string operation — no file system access.
-   */ scan(content) {
-        const originalLines = content.split('\n');
-        const maskedContent = maskSafeZones(content);
-        const findings = [];
-        for (const rule of this.rules){
-            const targetContent = rule.skipSafeZones ? maskedContent : content;
-            const matches = rule.check(targetContent);
-            for (const match of matches){
-                // Use custom snippet if provided, otherwise generate from original content
-                const snippet = match.snippet ?? (null != match.line ? originalLines[match.line - 1]?.trim().slice(0, SNIPPET_MAX_LENGTH) : void 0);
-                findings.push({
-                    rule: rule.id,
-                    level: rule.level,
-                    message: rule.message,
-                    line: match.line,
-                    snippet
+   * Validate a skill directory for publishing
+   *
+   * Following agentskills.io specification:
+   * - SKILL.md is the SOLE source of metadata
+   * - name and description are REQUIRED in frontmatter
+   */ validate(skillPath) {
+        const errors = [];
+        const warnings = [];
+        // Check SKILL.md exists (REQUIRED per spec)
+        const skillMdPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(skillPath, 'SKILL.md');
+        if (!external_node_fs_.existsSync(skillMdPath)) {
+            errors.push({
+                field: 'SKILL.md',
+                message: 'SKILL.md not found. This file is required for publishing.',
+                suggestion: 'Create a SKILL.md file with name and description in YAML frontmatter'
+            });
+            return {
+                valid: false,
+                errors,
+                warnings
+            };
+        }
+        // Parse SKILL.md
+        let skillMd;
+        try {
+            skillMd = parseSkillMdFile(skillMdPath);
+            if (!skillMd) {
+                errors.push({
+                    field: 'SKILL.md',
+                    message: 'SKILL.md must have valid YAML frontmatter with name and description',
+                    suggestion: 'Add frontmatter: ---\\nname: your-skill\\ndescription: Your description\\n---'
                 });
+                return {
+                    valid: false,
+                    errors,
+                    warnings
+                };
             }
+        } catch (error) {
+            errors.push({
+                field: 'SKILL.md',
+                message: `Failed to parse SKILL.md: ${error.message}`,
+                suggestion: 'Check the YAML frontmatter syntax is valid'
+            });
+            return {
+                valid: false,
+                errors,
+                warnings
+            };
         }
-        const hasHighRisk = findings.some((f)=>'high' === f.level);
+        // Validate name from SKILL.md
+        const nameResult = this.validateName(skillMd.name);
+        errors.push(...nameResult.errors);
+        // Validate description from SKILL.md
+        const descResult = this.validateDescription(skillMd.description);
+        errors.push(...descResult.errors);
+        // Check version in SKILL.md
+        const skillMdVersion = skillMd.version || skillMd.metadata?.version;
+        if (skillMdVersion) {
+            // Validate the version from SKILL.md
+            const versionResult = this.validateVersion(skillMdVersion);
+            errors.push(...versionResult.errors);
+        } else warnings.push({
+            field: 'version',
+            message: `No version specified, defaulting to "${DEFAULT_VERSION}"`,
+            suggestion: 'Add version in SKILL.md frontmatter'
+        });
+        // Check keywords count (only if metadata.keywords is a valid array)
+        const keywords = skillMd.metadata?.keywords;
+        if (Array.isArray(keywords) && keywords.length > MAX_KEYWORDS) warnings.push({
+            field: 'keywords',
+            message: `Too many keywords (${keywords.length}). Recommended max: ${MAX_KEYWORDS}`
+        });
+        // Check license
+        if (!skillMd.license) warnings.push({
+            field: 'license',
+            message: 'No license specified',
+            suggestion: 'Add license in SKILL.md frontmatter'
+        });
         return {
-            passed: !hasHighRisk,
-            findings
+            valid: 0 === errors.length,
+            errors,
+            warnings
         };
     }
     /**
-   * Scan a file for malicious patterns.
-   * Convenience wrapper that reads the file then calls scan().
-   */ scanFile(filePath) {
-        const content = external_node_fs_.readFileSync(filePath, 'utf-8');
-        return this.scan(content);
+   * Generate integrity hash for files
+   */ generateIntegrity(skillPath, files) {
+        const hash = __WEBPACK_EXTERNAL_MODULE_node_crypto__.createHash('sha256');
+        // Sort files for consistent ordering
+        const sortedFiles = [
+            ...files
+        ].sort();
+        for (const file of sortedFiles){
+            const filePath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(skillPath, file);
+            if (external_node_fs_.existsSync(filePath)) {
+                hash.update(file);
+                const content = external_node_fs_.readFileSync(filePath);
+                hash.update(content);
+            }
+        }
+        return `sha256-${hash.digest('hex')}`;
     }
 }
 /**
@@ -8796,7 +8797,7 @@ async function publishAction(skillPath, options) {
         const validation = validator.validate(absolutePath);
         // 3.5. Content security scan
         const skillMdPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(absolutePath, 'SKILL.md');
-        if (external_node_fs_.existsSync(skillMdPath)) {
+        if (exists(skillMdPath)) {
             const scanner = new ContentScanner();
             const scanResult = scanner.scanFile(skillMdPath);
             displayScanFindings(scanResult);