npm - reskill - Versions diffs - 1.20.3 → 1.21.0 - Mend

reskill 1.20.3 → 1.21.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/README.md +1 -0
package/README.zh-CN.md +1 -0
package/dist/cli/index.js +1401 -1118
package/dist/core/agent-registry.d.ts +6 -2
package/dist/core/agent-registry.d.ts.map +1 -1
package/dist/core/claude-3p-installer.d.ts +28 -0
package/dist/core/claude-3p-installer.d.ts.map +1 -0
package/dist/core/index.d.ts +3 -2
package/dist/core/index.d.ts.map +1 -1
package/dist/core/installer.d.ts.map +1 -1
package/dist/core/skill-manager.d.ts.map +1 -1
package/dist/index.d.ts +1 -1
package/dist/index.js +1412 -1124
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -33,476 +33,721 @@ function __webpack_require__(moduleId) {
 /************************************************************************/ // EXTERNAL MODULE: external "node:fs"
 var external_node_fs_ = __webpack_require__("node:fs");
 /**
- * ContentScanner - Detect malicious patterns in SKILL.md content
+ * Skill Parser - SKILL.md parser
  *
- * Features:
- * - Context-aware: skips safe zones (frontmatter, code blocks, quotes, blockquotes)
- * - 6 built-in detection rules across 3 risk levels
- * - Configurable: override levels, disable rules, add custom rules
- * - Pure string operations in scan() — no fs dependency, suitable for server use
- * - scanFile() convenience method for CLI use
- */ // ============================================================================
-// Safe Zone Masking
-// ============================================================================
-/**
- * Mask safe zones in Markdown content with spaces, preserving line structure.
+ * Following agentskills.io specification: https://agentskills.io/specification
  *
- * Safe zones (content replaced with spaces):
- * - YAML frontmatter (`---` ... `---` at file start)
- * - Fenced code blocks (``` or ~~~)
- * - Indented code blocks (4 spaces / tab after blank line)
- * - Blockquotes (`> ` prefix)
- * - Inline code (`` `...` ``)
- * - Double-quoted text (`"..."`, min 3 chars between quotes)
+ * SKILL.md format requirements:
+ * - YAML frontmatter containing name and description (required)
+ * - name: max 64 characters, lowercase letters, numbers, hyphens
+ * - description: max 1024 characters
+ * - Optional fields: license, compatibility, metadata, allowed-tools
+ */ /**
+ * Skill validation error
+ */ class SkillValidationError extends Error {
+    field;
+    constructor(message, field){
+        super(message), this.field = field;
+        this.name = 'SkillValidationError';
+    }
+}
+/**
+ * Simple YAML frontmatter parser
+ * Parses --- delimited YAML header
  *
- * Line breaks are preserved so line numbers remain correct.
- */ function maskSafeZones(content) {
-    const lines = content.split('\n');
-    const result = [];
-    let inFrontmatter = false;
-    let inFencedCode = false;
-    let fenceChar = '';
-    let fenceLength = 0;
-    let prevLineBlank = false;
-    let prevLineIndentedCode = false;
-    for(let i = 0; i < lines.length; i++){
-        const line = lines[i];
-        // --- YAML Frontmatter (only at file start) ---
-        if (0 === i && '---' === line.trim()) {
-            inFrontmatter = true;
-            result.push(maskLine(line));
-            continue;
-        }
-        if (inFrontmatter) {
-            result.push(maskLine(line));
-            if ('---' === line.trim()) inFrontmatter = false;
-            continue;
-        }
-        // --- Fenced code blocks (``` or ~~~) ---
-        const fenceMatch = line.match(/^(`{3,}|~{3,})/);
-        if (!inFencedCode && fenceMatch) {
-            inFencedCode = true;
-            fenceChar = fenceMatch[1][0];
-            fenceLength = fenceMatch[1].length;
-            result.push(maskLine(line));
-            prevLineBlank = false;
-            prevLineIndentedCode = false;
-            continue;
+ * Supports:
+ * - Basic key: value pairs
+ * - Multiline strings (| and >)
+ * - Nested objects (one level deep, for metadata field)
+ */ function parseFrontmatter(content) {
+    const frontmatterRegex = /^---\r?\n([\s\S]*?)\r?\n---\r?\n([\s\S]*)$/;
+    const match = content.match(frontmatterRegex);
+    if (!match) return {
+        data: {},
+        content
+    };
+    const yamlContent = match[1];
+    const markdownContent = match[2];
+    // Simple YAML parsing (supports basic key: value, one level of nesting,
+    // block scalars (| and >), and plain scalars spanning multiple indented lines)
+    const data = {};
+    const lines = yamlContent.split('\n');
+    let currentKey = '';
+    let currentValue = '';
+    let inMultiline = false;
+    let inNestedObject = false;
+    let inPlainScalar = false;
+    let nestedObject = {};
+    /**
+   * Save the current key/value accumulated so far, then reset state.
+   */ function flushCurrent() {
+        if (!currentKey) return;
+        if (inNestedObject) {
+            data[currentKey] = nestedObject;
+            nestedObject = {};
+            inNestedObject = false;
+        } else if (inPlainScalar || inMultiline) {
+            data[currentKey] = currentValue.trim();
+            inPlainScalar = false;
+            inMultiline = false;
+        } else data[currentKey] = parseYamlValue(currentValue.trim());
+        currentKey = '';
+        currentValue = '';
+    }
+    for (const line of lines){
+        const trimmedLine = line.trim();
+        if (!trimmedLine || trimmedLine.startsWith('#')) continue;
+        const isIndented = line.startsWith('  ');
+        // ---- Inside a block scalar (| or >) ----
+        if (inMultiline) {
+            if (isIndented) {
+                currentValue += (currentValue ? '\n' : '') + line.slice(2);
+                continue;
+            }
+            // Unindented line ends the block scalar — fall through to top-level parsing
+            flushCurrent();
         }
-        if (inFencedCode) {
-            result.push(maskLine(line));
-            const closeMatch = line.match(/^(`{3,}|~{3,})\s*$/);
-            if (closeMatch && closeMatch[1][0] === fenceChar && closeMatch[1].length >= fenceLength) inFencedCode = false;
-            prevLineBlank = false;
-            prevLineIndentedCode = false;
-            continue;
+        // ---- Inside a plain scalar (multiline value without | or >) ----
+        if (inPlainScalar) {
+            if (isIndented) {
+                // Continuation line: join with a space (YAML plain scalar folding)
+                currentValue += ` ${trimmedLine}`;
+                continue;
+            }
+            // Unindented line ends the plain scalar — fall through to top-level parsing
+            flushCurrent();
         }
-        // --- Blockquote ---
-        if (/^>\s?/.test(line)) {
-            result.push(maskLine(line));
-            prevLineBlank = false;
-            prevLineIndentedCode = false;
+        // ---- Inside a nested object ----
+        if (inNestedObject && isIndented) {
+            const nestedMatch = line.match(/^ {2}([a-zA-Z_-]+):\s*(.*)$/);
+            if (nestedMatch) {
+                const [, nestedKey, nestedValue] = nestedMatch;
+                nestedObject[nestedKey] = parseYamlValue(nestedValue.trim());
+                continue;
+            }
+            // Indented line that isn't a nested key:value — this key was actually
+            // a plain scalar, not a nested object. Switch modes.
+            inNestedObject = false;
+            inPlainScalar = true;
+            currentValue = trimmedLine;
             continue;
         }
-        // --- Indented code block (4 spaces or tab, after blank line) ---
-        if (/^(?:    |\t)/.test(line) && (prevLineBlank || prevLineIndentedCode)) {
-            result.push(maskLine(line));
-            prevLineBlank = false;
-            prevLineIndentedCode = true;
+        // ---- Top-level key: value ----
+        const keyValueMatch = line.match(/^([a-zA-Z_-]+):\s*(.*)$/);
+        if (keyValueMatch) {
+            flushCurrent();
+            currentKey = keyValueMatch[1];
+            currentValue = keyValueMatch[2];
+            if ('|' === currentValue || '>' === currentValue) {
+                inMultiline = true;
+                currentValue = '';
+            } else if ('' === currentValue) {
+                // Empty value — could be nested object or plain scalar; peek at next lines
+                inNestedObject = true;
+                nestedObject = {};
+            }
             continue;
         }
-        // --- Normal line: mask inline code and double-quoted text ---
-        result.push(maskInline(line));
-        prevLineBlank = '' === line.trim();
-        prevLineIndentedCode = false;
+        // ---- Unindented line that isn't key:value while in nested object ----
+        if (inNestedObject) flushCurrent();
     }
-    return result.join('\n');
+    // Save last accumulated value
+    flushCurrent();
+    return {
+        data,
+        content: markdownContent
+    };
 }
-/** Replace all characters in a line with spaces (preserving length) */ function maskLine(line) {
-    return ' '.repeat(line.length);
+/**
+ * Parse YAML value
+ */ function parseYamlValue(value) {
+    if (!value) return '';
+    // Boolean value
+    if ('true' === value) return true;
+    if ('false' === value) return false;
+    // Number
+    if (/^-?\d+$/.test(value)) return parseInt(value, 10);
+    if (/^-?\d+\.\d+$/.test(value)) return parseFloat(value);
+    // Remove quotes
+    if (value.startsWith('"') && value.endsWith('"') || value.startsWith("'") && value.endsWith("'")) return value.slice(1, -1);
+    return value;
 }
 /**
- * Mask inline code (`` `...` ``) and double-quoted text (`"..."`) within a line.
- * Uses regex replacement for efficiency (avoids char-by-char concatenation on long lines).
- * Single quotes are NOT masked to avoid false matches with apostrophes.
- */ function maskInline(line) {
-    let result = line;
-    // Inline code: `...`
-    result = result.replace(/`[^`]+`/g, (m)=>' '.repeat(m.length));
-    // Double-quoted text: "..." (min 3 chars between quotes)
-    result = result.replace(/"[^"]{3,}"/g, (m)=>' '.repeat(m.length));
-    return result;
+ * Validate skill name format
+ *
+ * Specification requirements:
+ * - Max 64 characters
+ * - Only lowercase letters, numbers, hyphens allowed
+ * - Cannot start or end with hyphen
+ * - Cannot contain consecutive hyphens
+ */ function validateSkillName(name) {
+    if (!name) throw new SkillValidationError('Skill name is required', 'name');
+    if (name.length > 64) throw new SkillValidationError('Skill name must be at most 64 characters', 'name');
+    if (!/^[a-z0-9]/.test(name)) throw new SkillValidationError('Skill name must start with a lowercase letter or number', 'name');
+    if (!/[a-z0-9]$/.test(name)) throw new SkillValidationError('Skill name must end with a lowercase letter or number', 'name');
+    if (/--/.test(name)) throw new SkillValidationError('Skill name cannot contain consecutive hyphens', 'name');
+    if (!/^[a-z0-9][a-z0-9-]*[a-z0-9]$/.test(name) && name.length > 1) throw new SkillValidationError('Skill name can only contain lowercase letters, numbers, and hyphens', 'name');
+    // Single character name
+    if (1 === name.length && !/^[a-z0-9]$/.test(name)) throw new SkillValidationError('Single character skill name must be a lowercase letter or number', 'name');
 }
-// ============================================================================
-// Rule Helpers
-// ============================================================================
-/** Find lines matching any of the given patterns, return one match per line */ function findLineMatches(content, patterns) {
-    const lines = content.split('\n');
-    const matches = [];
-    for(let i = 0; i < lines.length; i++)for (const pattern of patterns)if (pattern.test(lines[i])) {
-        matches.push({
-            line: i + 1
-        });
-        break;
-    }
-    return matches;
+/**
+ * Validate skill description
+ *
+ * Specification requirements:
+ * - Max 1024 characters
+ * - Angle brackets are allowed per agentskills.io spec
+ */ function validateSkillDescription(description) {
+    if (!description) throw new SkillValidationError('Skill description is required', 'description');
+    if (description.length > 1024) throw new SkillValidationError('Skill description must be at most 1024 characters', 'description');
+// Note: angle brackets are allowed per agentskills.io spec
 }
-// ============================================================================
-// Default Rules
-// ============================================================================
-const SNIPPET_MAX_LENGTH = 120;
-/** Built-in detection rules */ const DEFAULT_RULES = [
-    // Rule 1: Prompt Injection (high)
-    {
-        id: 'prompt-injection',
-        level: 'high',
-        message: 'Detected prompt injection attempt',
-        skipSafeZones: true,
-        check: (content)=>findLineMatches(content, [
-                // English patterns
-                /ignore\s+(all\s+)?previous\s+instructions/i,
-                /disregard\s+(all\s+)?(prior|previous|above)\s+(instructions|rules|context)/i,
-                /you\s+are\s+now\s+(?:(?:a|an)\s+)?(?:(?:\w+\s+){0,3}(?:agent|ai|assistant|bot|model|character|persona|entity|system)|DAN\b|jailbr\w*|unrestricted|unfiltered|free\s+from)/i,
-                /from\s+now\s+on[,\s]+you\s+are/i,
-                /new\s+system\s+prompt/i,
-                /override\s+(your|the)\s+(system|safety|security)\s+(prompt|rules|instructions)/i,
-                /forget\s+(?:all\s+)?(?:your\s+)?(?:previous\s+|prior\s+)?(?:instructions|rules|constraints)/i,
-                /(?:you\s+are|you're)\s+(?:now\s+)?entering\s+(?:a\s+)?new\s+(?:mode|context|session)/i,
-                // Chinese patterns (中文提示词注入)
-                /[忽无][略视]\s*(所有\s*)?(之前的?|先前的?|以前的?)?\s*(指令|指示|规则|约束|限制)/,
-                /你现在是/,
-                /从现在开始.{0,10}你是/,
-                /新的系统提示词/,
-                /[覆改]写?\s*(你的|系统)\s*(提示词|规则|指令|安全)/,
-                /忘记\s*(所有\s*)?(之前的?|先前的?)?\s*(指令|指示|规则|约束)/,
-                /进入.{0,5}新的?\s*(模式|上下文|会话)/,
-                /不要遵守.{0,10}(安全|限制|规则|约束)/,
-                /解除.{0,5}(限制|约束|安全)/,
-                /无限制模式/,
-                /安全模式已关闭/
-            ])
-    },
-    // Rule 2: Data Exfiltration (high)
-    {
-        id: 'data-exfiltration',
-        level: 'high',
-        message: 'Detected potential data exfiltration command',
-        skipSafeZones: true,
-        check: (content)=>{
-            const lines = content.split('\n');
-            const matches = [];
-            const commandPattern = /\b(curl|wget|fetch|http\.post|requests\.post|nc\b|ncat|netcat)\b/i;
-            const sensitivePattern = /(\$[A-Z_]*(?:KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL|AUTH)[A-Z_]*|\$ENV\b|\$\{[^}]*(?:KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL)[^}]*\})/i;
-            for(let i = 0; i < lines.length; i++)if (commandPattern.test(lines[i]) && sensitivePattern.test(lines[i])) matches.push({
-                line: i + 1
-            });
-            return matches;
-        }
-    },
-    // Rule 3: Content Obfuscation (high) — scans ALL content including safe zones
-    //   Zero-width chars and base64 are suspicious everywhere (even inside code blocks).
-    {
-        id: 'obfuscation',
-        level: 'high',
-        message: 'Detected content obfuscation',
-        skipSafeZones: false,
-        check: (content)=>{
-            const matches = [];
-            const lines = content.split('\n');
-            // Zero-width characters (suspicious in any context)
-            const zeroWidthPattern = /[\u200B\u200C\u200D\uFEFF\u2060\u180E]/;
-            for(let i = 0; i < lines.length; i++)if (zeroWidthPattern.test(lines[i])) matches.push({
-                line: i + 1,
-                snippet: 'Zero-width Unicode characters detected'
-            });
-            // Long base64-like strings (>200 continuous chars)
-            const base64Pattern = /[A-Za-z0-9+/=]{200,}/;
-            for(let i = 0; i < lines.length; i++)if (base64Pattern.test(lines[i])) matches.push({
-                line: i + 1,
-                snippet: 'Suspicious base64-encoded block detected'
-            });
-            return matches;
-        }
-    },
-    // Rule 3b: Large HTML Comments (high) — respects safe zones (code blocks, etc.)
-    //   HTML comments inside fenced code blocks are normal code examples, not obfuscation.
-    {
-        id: 'obfuscation',
-        level: 'high',
-        message: 'Detected content obfuscation',
-        skipSafeZones: true,
-        check: (content)=>{
-            const matches = [];
-            // Large HTML comments (>200 chars of content)
-            const commentRegex = /<!--([\s\S]{200,}?)-->/g;
-            let match;
-            // biome-ignore lint/suspicious/noAssignInExpressions: standard regex exec loop
-            while(null !== (match = commentRegex.exec(content))){
-                const lineNum = content.slice(0, match.index).split('\n').length;
-                matches.push({
-                    line: lineNum,
-                    snippet: `Large HTML comment block (${match[1].length} chars)`
-                });
-            }
-            return matches;
+/**
+ * Parse SKILL.md content
+ *
+ * @param content - SKILL.md file content
+ * @param options - Parse options
+ * @returns Parsed skill info, or null if format is invalid
+ * @throws SkillValidationError if validation fails in strict mode
+ */ function parseSkillMd(content, options = {}) {
+    const { strict = false } = options;
+    try {
+        const { data, content: body } = parseFrontmatter(content);
+        // Check required fields
+        if (!data.name || !data.description) {
+            if (strict) throw new SkillValidationError('SKILL.md must have name and description in frontmatter');
+            return null;
         }
-    },
-    // Rule 4: Sensitive File Access (medium)
-    {
-        id: 'sensitive-file-access',
-        level: 'medium',
-        message: 'References sensitive file path',
-        skipSafeZones: true,
-        check: (content)=>findLineMatches(content, [
-                /~\/\.ssh\b/,
-                /~\/\.aws\b/,
-                /~\/\.gnupg\b/,
-                /~\/\.config\/gcloud\b/,
-                /\bid_rsa\b/i,
-                /\bid_ed25519\b/i,
-                /\/etc\/passwd\b/,
-                /\/etc\/shadow\b/,
-                /\.env\b(?!\.\w)/
-            ])
-    },
-    // Rule 5: Stealth Instructions (medium) — phrase + action verb matching
-    {
-        id: 'stealth-instructions',
-        level: 'medium',
-        message: 'Detected instruction to hide actions from user',
-        skipSafeZones: true,
-        check: (content)=>{
-            const actionVerbs = 'execute|delete|remove|send|transmit|modify|overwrite|install|download|upload|run|write|create|destroy|drop';
-            const patterns = [
-                // English patterns
-                new RegExp(`silently\\s+(?:${actionVerbs})`, 'i'),
-                new RegExp(`without\\s+telling\\s+the\\s+user.{0,30}(?:${actionVerbs})`, 'i'),
-                new RegExp("(?:do\\s+not|don'?t)\\s+show\\s+.{0,40}(?:to\\s+the\\s+user|to\\s+user)", 'i'),
-                new RegExp("hide\\s+(?:this|the|these|all)\\s+.{0,30}(?:from\\s+the\\s+user|from\\s+user)", 'i'),
-                new RegExp("(?:do\\s+not|don'?t)\\s+mention\\s+.{0,30}(?:to\\s+the\\s+user|to\\s+user)", 'i'),
-                new RegExp("keep\\s+(?:this|it)\\s+(?:a\\s+)?secret\\s+from\\s+(?:the\\s+)?user", 'i'),
-                // Chinese patterns (中文隐蔽指令)
-                /悄悄地?\s*(?:执行|删除|移除|发送|传输|修改|覆盖|安装|下载|上传|运行|写入|创建|销毁|丢弃)/,
-                /不要告诉用户/,
-                /不要让用户知道/,
-                /对用户隐藏/,
-                /在用户不知情的情况下/,
-                /瞒着用户/
-            ];
-            // Safe patterns to exclude (common in legitimate DevOps/automation skills)
-            const safePatterns = [
-                /silently\s+(?:ignore|skip|fail|discard|suppress|continue|pass|drop|swallow)/i,
-                // Chinese safe patterns (中文合法自动化用语)
-                /悄悄地?\s*(?:忽略|跳过|丢弃|抑制|继续|静默)/
-            ];
-            const lines = content.split('\n');
-            const matches = [];
-            for(let i = 0; i < lines.length; i++){
-                const line = lines[i];
-                if (!safePatterns.some((p)=>p.test(line))) {
-                    for (const pattern of patterns)if (pattern.test(line)) {
-                        matches.push({
-                            line: i + 1
-                        });
-                        break;
-                    }
-                }
-            }
-            return matches;
+        const name = String(data.name);
+        const description = String(data.description);
+        // Validate field format
+        if (strict) {
+            validateSkillName(name);
+            validateSkillDescription(description);
         }
-    },
-    // Rule 6: Oversized Content (low) — scans ALL content
-    {
-        id: 'oversized-content',
-        level: 'low',
-        message: 'Content exceeds recommended size limit',
-        skipSafeZones: false,
-        check: (content)=>{
-            const MAX_SIZE_BYTES = 51200;
-            const sizeBytes = Buffer.byteLength(content, 'utf-8');
-            if (sizeBytes > MAX_SIZE_BYTES) return [
-                {
-                    snippet: `Content size: ${(sizeBytes / 1024).toFixed(1)}KB (limit: 50KB)`
-                }
-            ];
-            return [];
+        // Parse allowed-tools
+        let allowedTools;
+        if (data['allowed-tools']) {
+            const toolsStr = String(data['allowed-tools']);
+            allowedTools = toolsStr.split(/\s+/).filter(Boolean);
         }
+        return {
+            name,
+            description,
+            version: data.version ? String(data.version) : void 0,
+            license: data.license ? String(data.license) : void 0,
+            compatibility: data.compatibility ? String(data.compatibility) : void 0,
+            metadata: data.metadata,
+            allowedTools,
+            content: body,
+            rawContent: content
+        };
+    } catch (error) {
+        if (error instanceof SkillValidationError) throw error;
+        if (strict) throw new SkillValidationError(`Failed to parse SKILL.md: ${error}`);
+        return null;
     }
-];
-// ============================================================================
-// ContentScanner
-// ============================================================================
-/** Build the effective rule set from defaults + options */ function buildRuleSet(options) {
-    let rules = DEFAULT_RULES.map((r)=>({
-            ...r
-        }));
-    if (options?.disabledRules?.length) {
-        const disabled = new Set(options.disabledRules);
-        rules = rules.filter((r)=>!disabled.has(r.id));
-    }
-    if (options?.overrides) for (const rule of rules){
-        const override = options.overrides[rule.id];
-        if (override) rule.level = override;
+}
+/**
+ * Parse SKILL.md from file path
+ */ function skill_parser_parseSkillMdFile(filePath, options = {}) {
+    if (!external_node_fs_.existsSync(filePath)) {
+        if (options.strict) throw new SkillValidationError(`SKILL.md not found: ${filePath}`);
+        return null;
     }
-    if (options?.customRules?.length) rules.push(...options.customRules);
-    return rules;
+    const content = external_node_fs_.readFileSync(filePath, 'utf-8');
+    return parseSkillMd(content, options);
 }
 /**
- * Content scanner for SKILL.md files.
- *
- * Detects prompt injection, data exfiltration, obfuscation, sensitive file
- * access, stealth instructions, and oversized content.
- *
- * @example
- * ```typescript
- * // Default usage (CLI)
- * const scanner = new ContentScanner();
- * const result = scanner.scan(content);
- *
- * // Custom usage (private registry server)
- * const scanner = new ContentScanner({
- *   overrides: { 'prompt-injection': 'medium' },
- *   disabledRules: ['stealth-instructions'],
- * });
- * ```
- */ class ContentScanner {
-    rules;
-    constructor(options){
-        this.rules = buildRuleSet(options);
+ * Parse SKILL.md from skill directory
+ */ function parseSkillFromDir(dirPath, options = {}) {
+    const skillMdPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(dirPath, 'SKILL.md');
+    return skill_parser_parseSkillMdFile(skillMdPath, options);
+}
+/**
+ * Check if directory contains valid SKILL.md
+ */ function hasValidSkillMd(dirPath) {
+    const skillMdPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(dirPath, 'SKILL.md');
+    if (!external_node_fs_.existsSync(skillMdPath)) return false;
+    try {
+        const skill = skill_parser_parseSkillMdFile(skillMdPath);
+        return null !== skill;
+    } catch  {
+        return false;
     }
-    /**
-   * Scan content string for malicious patterns.
-   * Pure string operation — no file system access.
-   */ scan(content) {
-        const originalLines = content.split('\n');
-        const maskedContent = maskSafeZones(content);
-        const findings = [];
-        for (const rule of this.rules){
-            const targetContent = rule.skipSafeZones ? maskedContent : content;
-            const matches = rule.check(targetContent);
-            for (const match of matches){
-                // Use custom snippet if provided, otherwise generate from original content
-                const snippet = match.snippet ?? (null != match.line ? originalLines[match.line - 1]?.trim().slice(0, SNIPPET_MAX_LENGTH) : void 0);
-                findings.push({
-                    rule: rule.id,
-                    level: rule.level,
-                    message: rule.message,
-                    line: match.line,
-                    snippet
-                });
-            }
-        }
-        const hasHighRisk = findings.some((f)=>'high' === f.level);
-        return {
-            passed: !hasHighRisk,
-            findings
-        };
+}
+const SKIP_DIRS = [
+    'node_modules',
+    '.git',
+    'dist',
+    'build',
+    '__pycache__'
+];
+const MAX_DISCOVER_DEPTH = 5;
+const PRIORITY_SKILL_DIRS = [
+    'skills',
+    '.agents/skills',
+    '.cursor/skills',
+    '.claude/skills',
+    '.windsurf/skills',
+    '.github/skills'
+];
+function findSkillDirsRecursive(dir, depth, maxDepth, visitedDirs) {
+    if (depth > maxDepth) return [];
+    const resolvedDir = __WEBPACK_EXTERNAL_MODULE_node_path__.resolve(dir);
+    if (visitedDirs.has(resolvedDir)) return [];
+    if (!external_node_fs_.existsSync(dir) || !external_node_fs_.statSync(dir).isDirectory()) return [];
+    visitedDirs.add(resolvedDir);
+    const results = [];
+    let entries;
+    try {
+        entries = external_node_fs_.readdirSync(dir);
+    } catch  {
+        return [];
     }
-    /**
-   * Scan a file for malicious patterns.
-   * Convenience wrapper that reads the file then calls scan().
-   */ scanFile(filePath) {
-        if (!external_node_fs_.existsSync(filePath)) throw new Error(`File not found: ${filePath}`);
-        const content = external_node_fs_.readFileSync(filePath, 'utf-8');
-        return this.scan(content);
+    for (const entry of entries){
+        if (SKIP_DIRS.includes(entry)) continue;
+        const fullPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(dir, entry);
+        const resolvedFull = __WEBPACK_EXTERNAL_MODULE_node_path__.resolve(fullPath);
+        if (visitedDirs.has(resolvedFull)) continue;
+        let stat;
+        try {
+            stat = external_node_fs_.statSync(fullPath);
+        } catch  {
+            continue;
+        }
+        if (!!stat.isDirectory()) {
+            if (hasValidSkillMd(fullPath)) results.push(fullPath);
+            results.push(...findSkillDirsRecursive(fullPath, depth + 1, maxDepth, visitedDirs));
+        }
     }
+    return results;
 }
-// ============================================================================
-// ContentScanError
-// ============================================================================
 /**
- * Error thrown when content scanning detects high-risk findings.
- * Carries the full findings array for display purposes.
- */ class ContentScanError extends Error {
-    findings;
-    constructor(findings){
-        const highCount = findings.filter((f)=>'high' === f.level).length;
-        super(`Content security scan failed: ${highCount} high-risk finding(s) detected`);
-        this.name = 'ContentScanError';
-        this.findings = findings;
+ * Discover all skills in a directory by scanning for SKILL.md files.
+ *
+ * Strategy:
+ * 1. Check root for SKILL.md
+ * 2. Search priority directories (skills/, .agents/skills/, .cursor/skills/, etc.)
+ * 3. Fall back to recursive search (max depth 5, skip node_modules, .git, dist, etc.)
+ *
+ * @param basePath - Root directory to search
+ * @returns List of parsed skills with their directory paths (absolute)
+ */ function discoverSkillsInDir(basePath) {
+    const resolvedBase = __WEBPACK_EXTERNAL_MODULE_node_path__.resolve(basePath);
+    const results = [];
+    const seenNames = new Set();
+    function addSkill(dirPath) {
+        const skill = parseSkillFromDir(dirPath);
+        if (skill && !seenNames.has(skill.name)) {
+            seenNames.add(skill.name);
+            results.push({
+                ...skill,
+                dirPath: __WEBPACK_EXTERNAL_MODULE_node_path__.resolve(dirPath)
+            });
+        }
+    }
+    if (hasValidSkillMd(resolvedBase)) addSkill(resolvedBase);
+    // Track visited directories to avoid redundant I/O during recursive scan
+    const visitedDirs = new Set();
+    for (const sub of PRIORITY_SKILL_DIRS){
+        const dir = __WEBPACK_EXTERNAL_MODULE_node_path__.join(resolvedBase, sub);
+        if (!!external_node_fs_.existsSync(dir) && !!external_node_fs_.statSync(dir).isDirectory()) {
+            visitedDirs.add(__WEBPACK_EXTERNAL_MODULE_node_path__.resolve(dir));
+            try {
+                const entries = external_node_fs_.readdirSync(dir);
+                for (const entry of entries){
+                    const skillDir = __WEBPACK_EXTERNAL_MODULE_node_path__.join(dir, entry);
+                    try {
+                        if (external_node_fs_.statSync(skillDir).isDirectory() && hasValidSkillMd(skillDir)) {
+                            addSkill(skillDir);
+                            visitedDirs.add(__WEBPACK_EXTERNAL_MODULE_node_path__.resolve(skillDir));
+                        }
+                    } catch  {
+                    // Skip entries that can't be stat'd (race condition, permission, etc.)
+                    }
+                }
+            } catch  {
+            // Skip if unreadable
+            }
+        }
     }
+    const recursiveDirs = findSkillDirsRecursive(resolvedBase, 0, MAX_DISCOVER_DEPTH, visitedDirs);
+    for (const skillDir of recursiveDirs)addSkill(skillDir);
+    return results;
 }
 /**
- * Agent Registry - Multi-Agent configuration definitions
+ * Filter skills by name (case-insensitive exact match).
  *
- * Supports global and project-level installation for 17 coding agents
- * Reference: https://github.com/vercel-labs/add-skill
- */ const agent_registry_home = (0, __WEBPACK_EXTERNAL_MODULE_node_os__.homedir)();
+ * Note: an empty `names` array returns an empty result (not all skills).
+ * Callers should check `names.length` before calling if "no filter = all" is desired.
+ *
+ * @param skills - List of discovered skills
+ * @param names - Skill names to match (e.g. from --skill pdf commit)
+ * @returns Skills whose name matches any of the given names
+ */ function filterSkillsByName(skills, names) {
+    const normalized = names.map((n)=>n.toLowerCase());
+    return skills.filter((skill)=>{
+        // Match against SKILL.md name field
+        if (normalized.includes(skill.name.toLowerCase())) return true;
+        // Also match against the directory name (basename of dirPath)
+        // Users naturally refer to skills by their directory name
+        const dirName = __WEBPACK_EXTERNAL_MODULE_node_path__.basename(skill.dirPath).toLowerCase();
+        return normalized.includes(dirName);
+    });
+}
 /**
- * All supported Agents configuration
- */ const agents = {
-    amp: {
-        name: 'amp',
-        displayName: 'Amp',
-        skillsDir: '.agents/skills',
-        globalSkillsDir: (0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.config/agents/skills'),
-        detectInstalled: async ()=>(0, external_node_fs_.existsSync)((0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.config/amp'))
-    },
-    antigravity: {
-        name: 'antigravity',
-        displayName: 'Antigravity',
-        skillsDir: '.agent/skills',
-        globalSkillsDir: (0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.gemini/antigravity/skills'),
-        detectInstalled: async ()=>(0, external_node_fs_.existsSync)((0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(process.cwd(), '.agent')) || (0, external_node_fs_.existsSync)((0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.gemini/antigravity'))
-    },
-    'claude-code': {
-        name: 'claude-code',
-        displayName: 'Claude Code',
-        skillsDir: '.claude/skills',
-        globalSkillsDir: (0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.claude/skills'),
-        detectInstalled: async ()=>(0, external_node_fs_.existsSync)((0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.claude'))
-    },
-    clawdbot: {
-        name: 'clawdbot',
-        displayName: 'Clawdbot',
-        skillsDir: 'skills',
-        globalSkillsDir: (0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.clawdbot/skills'),
-        detectInstalled: async ()=>(0, external_node_fs_.existsSync)((0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.clawdbot'))
-    },
-    codex: {
-        name: 'codex',
-        displayName: 'Codex',
-        skillsDir: '.codex/skills',
-        globalSkillsDir: (0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.codex/skills'),
-        detectInstalled: async ()=>(0, external_node_fs_.existsSync)((0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.codex'))
-    },
-    cursor: {
-        name: 'cursor',
-        displayName: 'Cursor',
-        skillsDir: '.cursor/skills',
-        globalSkillsDir: (0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.cursor/skills'),
-        detectInstalled: async ()=>(0, external_node_fs_.existsSync)((0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.cursor'))
-    },
-    droid: {
-        name: 'droid',
-        displayName: 'Droid',
-        skillsDir: '.factory/skills',
-        globalSkillsDir: (0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.factory/skills'),
-        detectInstalled: async ()=>(0, external_node_fs_.existsSync)((0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.factory/skills'))
-    },
-    'gemini-cli': {
-        name: 'gemini-cli',
-        displayName: 'Gemini CLI',
-        skillsDir: '.gemini/skills',
-        globalSkillsDir: (0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.gemini/skills'),
-        detectInstalled: async ()=>(0, external_node_fs_.existsSync)((0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.gemini'))
-    },
-    'github-copilot': {
-        name: 'github-copilot',
-        displayName: 'GitHub Copilot',
-        skillsDir: '.github/skills',
-        globalSkillsDir: (0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.copilot/skills'),
-        detectInstalled: async ()=>(0, external_node_fs_.existsSync)((0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(process.cwd(), '.github')) || (0, external_node_fs_.existsSync)((0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.copilot'))
-    },
-    goose: {
-        name: 'goose',
-        displayName: 'Goose',
-        skillsDir: '.goose/skills',
-        globalSkillsDir: (0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.config/goose/skills'),
-        detectInstalled: async ()=>(0, external_node_fs_.existsSync)((0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.config/goose'))
-    },
-    kilo: {
-        name: 'kilo',
+ * Generate SKILL.md content
+ */ function generateSkillMd(skill) {
+    const frontmatter = [
+        '---'
+    ];
+    frontmatter.push(`name: ${skill.name}`);
+    frontmatter.push(`description: ${skill.description}`);
+    if (skill.license) frontmatter.push(`license: ${skill.license}`);
+    if (skill.compatibility) frontmatter.push(`compatibility: ${skill.compatibility}`);
+    if (skill.allowedTools && skill.allowedTools.length > 0) frontmatter.push(`allowed-tools: ${skill.allowedTools.join(' ')}`);
+    frontmatter.push('---');
+    frontmatter.push('');
+    return frontmatter.join('\n') + skill.content;
+}
+const CLAUDE_COWORK_3P_AGENT = 'claude-cowork-3p';
+const CLAUDE_3P_SKILLS_ROOT_ENV = 'CLAUDE_3P_SKILLS_ROOT';
+const CLAUDE_3P_SKILLS_PLUGIN_BASE_ENV = 'CLAUDE_3P_SKILLS_PLUGIN_BASE';
+const DEFAULT_EXCLUDE_FILES = [
+    'README.md',
+    'metadata.json',
+    '.reskill-commit'
+];
+const EXCLUDE_PREFIX = '_';
+const MAX_MANIFEST_BACKUPS = 10;
+function exists(targetPath) {
+    return external_node_fs_.existsSync(targetPath);
+}
+function ensureDir(dirPath) {
+    if (!exists(dirPath)) external_node_fs_.mkdirSync(dirPath, {
+        recursive: true
+    });
+}
+function remove(targetPath) {
+    if (exists(targetPath)) external_node_fs_.rmSync(targetPath, {
+        recursive: true,
+        force: true
+    });
+}
+function isSafeSkillId(name) {
+    return /^[A-Za-z0-9][A-Za-z0-9._-]*$/.test(name) && '.' !== name && '..' !== name;
+}
+function isPathSafe(basePath, targetPath) {
+    const normalizedBase = __WEBPACK_EXTERNAL_MODULE_node_path__.normalize(__WEBPACK_EXTERNAL_MODULE_node_path__.resolve(basePath));
+    const normalizedTarget = __WEBPACK_EXTERNAL_MODULE_node_path__.normalize(__WEBPACK_EXTERNAL_MODULE_node_path__.resolve(targetPath));
+    return normalizedTarget.startsWith(normalizedBase + __WEBPACK_EXTERNAL_MODULE_node_path__.sep);
+}
+function getSafeSkillPath(root, skillName) {
+    if (!isSafeSkillId(skillName)) throw new Error(`Skill name is not safe for Claude Cowork 3P: ${skillName}`);
+    const skillsDir = __WEBPACK_EXTERNAL_MODULE_node_path__.join(root, 'skills');
+    const skillPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(skillsDir, skillName);
+    if (!isPathSafe(skillsDir, skillPath)) throw new Error(`Skill path escapes Claude Cowork 3P skills directory: ${skillName}`);
+    return skillPath;
+}
+function isSkillsRoot(root) {
+    return exists(__WEBPACK_EXTERNAL_MODULE_node_path__.join(root, 'manifest.json')) && exists(__WEBPACK_EXTERNAL_MODULE_node_path__.join(root, 'skills'));
+}
+function copyDirectory(src, dest) {
+    ensureDir(dest);
+    for (const entry of external_node_fs_.readdirSync(src, {
+        withFileTypes: true
+    })){
+        if (DEFAULT_EXCLUDE_FILES.includes(entry.name) || entry.name.startsWith(EXCLUDE_PREFIX)) continue;
+        const srcPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(src, entry.name);
+        const destPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(dest, entry.name);
+        if (entry.isDirectory()) copyDirectory(srcPath, destPath);
+        else if (entry.isFile()) external_node_fs_.copyFileSync(srcPath, destPath);
+    }
+}
+function getClaude3pSkillsPluginBase(options = {}) {
+    const env = options.env ?? process.env;
+    const explicitBase = env[CLAUDE_3P_SKILLS_PLUGIN_BASE_ENV];
+    if (explicitBase) return explicitBase;
+    const homeDir = options.homeDir ?? (0, __WEBPACK_EXTERNAL_MODULE_node_os__.homedir)();
+    const currentPlatform = options.platform ?? (0, __WEBPACK_EXTERNAL_MODULE_node_os__.platform)();
+    if ('darwin' === currentPlatform) return __WEBPACK_EXTERNAL_MODULE_node_path__.join(homeDir, 'Library', 'Application Support', 'Claude-3p', 'local-agent-mode-sessions', 'skills-plugin');
+    if ('win32' === currentPlatform) return __WEBPACK_EXTERNAL_MODULE_node_path__.join(env.APPDATA ?? __WEBPACK_EXTERNAL_MODULE_node_path__.join(homeDir, 'AppData', 'Roaming'), 'Claude-3p', 'local-agent-mode-sessions', 'skills-plugin');
+    return __WEBPACK_EXTERNAL_MODULE_node_path__.join(env.XDG_CONFIG_HOME ?? __WEBPACK_EXTERNAL_MODULE_node_path__.join(homeDir, '.config'), 'Claude-3p', 'local-agent-mode-sessions', 'skills-plugin');
+}
+function findClaude3pSkillsRoots(options = {}) {
+    const env = options.env ?? process.env;
+    const explicitRoot = env[CLAUDE_3P_SKILLS_ROOT_ENV];
+    if (explicitRoot) return isSkillsRoot(explicitRoot) ? [
+        explicitRoot
+    ] : [];
+    const base = getClaude3pSkillsPluginBase(options);
+    if (!exists(base)) return [];
+    const roots = [];
+    for (const organization of external_node_fs_.readdirSync(base, {
+        withFileTypes: true
+    })){
+        if (!organization.isDirectory()) continue;
+        const organizationPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(base, organization.name);
+        for (const account of external_node_fs_.readdirSync(organizationPath, {
+            withFileTypes: true
+        })){
+            if (!account.isDirectory()) continue;
+            const candidate = __WEBPACK_EXTERNAL_MODULE_node_path__.join(organizationPath, account.name);
+            if (isSkillsRoot(candidate)) roots.push(candidate);
+        }
+    }
+    return roots;
+}
+function resolveClaude3pSkillsRoot(options = {}) {
+    const env = options.env ?? process.env;
+    const explicitRoot = env[CLAUDE_3P_SKILLS_ROOT_ENV];
+    if (explicitRoot) {
+        if (!isSkillsRoot(explicitRoot)) throw new Error(`${CLAUDE_3P_SKILLS_ROOT_ENV} must contain manifest.json and skills/: ${explicitRoot}`);
+        return explicitRoot;
+    }
+    const roots = findClaude3pSkillsRoots(options);
+    if (1 === roots.length) return roots[0];
+    const base = getClaude3pSkillsPluginBase(options);
+    if (0 === roots.length) throw new Error(`Claude Cowork 3P skills root not found under ${base}. Set ${CLAUDE_3P_SKILLS_ROOT_ENV} to the account directory containing manifest.json and skills/.`);
+    throw new Error(`Multiple Claude Cowork 3P skills roots found. Set ${CLAUDE_3P_SKILLS_ROOT_ENV} to one of:\n${roots.map((root)=>`  ${root}`).join('\n')}`);
+}
+function getClaude3pSkillPath(skillName) {
+    const root = resolveClaude3pSkillsRoot();
+    return getSafeSkillPath(root, skillName);
+}
+function readManifest(manifestPath) {
+    const content = external_node_fs_.readFileSync(manifestPath, 'utf-8');
+    return JSON.parse(content);
+}
+function writeManifest(manifestPath, manifest) {
+    external_node_fs_.writeFileSync(manifestPath, `${JSON.stringify(manifest, null, 2)}\n`, 'utf-8');
+}
+function createManifestBackup(manifestPath) {
+    const backupPath = `${manifestPath}.bak.${Date.now()}`;
+    external_node_fs_.copyFileSync(manifestPath, backupPath);
+    return backupPath;
+}
+function pruneManifestBackups(manifestPath) {
+    const manifestDir = __WEBPACK_EXTERNAL_MODULE_node_path__.dirname(manifestPath);
+    const backupPrefix = `${__WEBPACK_EXTERNAL_MODULE_node_path__.basename(manifestPath)}.bak.`;
+    const backups = external_node_fs_.readdirSync(manifestDir, {
+        withFileTypes: true
+    }).filter((entry)=>entry.isFile() && entry.name.startsWith(backupPrefix)).map((entry)=>({
+            name: entry.name,
+            path: __WEBPACK_EXTERNAL_MODULE_node_path__.join(manifestDir, entry.name),
+            mtimeMs: external_node_fs_.statSync(__WEBPACK_EXTERNAL_MODULE_node_path__.join(manifestDir, entry.name)).mtimeMs
+        })).sort((a, b)=>b.mtimeMs - a.mtimeMs);
+    for (const backup of backups.slice(MAX_MANIFEST_BACKUPS))remove(backup.path);
+}
+function updateManifest(manifestPath, skillId, name, description) {
+    const manifest = readManifest(manifestPath);
+    if (!Array.isArray(manifest.skills)) manifest.skills = [];
+    const entry = {
+        skillId,
+        name,
+        description,
+        creatorType: 'user',
+        syncManaged: false,
+        updatedAt: new Date().toISOString(),
+        enabled: true
+    };
+    const index = manifest.skills.findIndex((skill)=>skill.skillId === skillId || skill.name === name);
+    if (index >= 0) manifest.skills[index] = {
+        ...manifest.skills[index],
+        ...entry
+    };
+    else manifest.skills.push(entry);
+    manifest.lastUpdated = Date.now();
+    writeManifest(manifestPath, manifest);
+}
+function removeFromManifest(manifestPath, skillId) {
+    const manifest = readManifest(manifestPath);
+    if (!Array.isArray(manifest.skills)) return;
+    const before = manifest.skills.length;
+    manifest.skills = manifest.skills.filter((skill)=>skill.skillId !== skillId && skill.name !== skillId);
+    if (manifest.skills.length !== before) {
+        manifest.lastUpdated = Date.now();
+        writeManifest(manifestPath, manifest);
+    }
+}
+function installClaude3pSkill(sourcePath, fallbackName, _options = {}) {
+    const installMode = 'copy';
+    let manifestPath;
+    let manifestBackupPath;
+    let targetPath;
+    let tmpTarget;
+    let rollbackTarget;
+    try {
+        const metadata = parseSkillFromDir(sourcePath);
+        const skillId = metadata?.name ?? fallbackName;
+        const description = metadata?.description ?? '';
+        if (!isSafeSkillId(skillId)) return {
+            success: false,
+            path: '',
+            mode: installMode,
+            error: `SKILL.md name is not safe for Claude Cowork 3P: ${skillId}`
+        };
+        const root = resolveClaude3pSkillsRoot();
+        manifestPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(root, 'manifest.json');
+        const skillsDir = __WEBPACK_EXTERNAL_MODULE_node_path__.join(root, 'skills');
+        targetPath = getSafeSkillPath(root, skillId);
+        tmpTarget = __WEBPACK_EXTERNAL_MODULE_node_path__.join(skillsDir, `.${skillId}.installing.${process.pid}`);
+        rollbackTarget = __WEBPACK_EXTERNAL_MODULE_node_path__.join(skillsDir, `.${skillId}.rollback.${process.pid}`);
+        if (!isPathSafe(skillsDir, tmpTarget)) throw new Error(`Temporary skill path escapes Claude Cowork 3P skills directory: ${skillId}`);
+        if (!isPathSafe(skillsDir, rollbackTarget)) throw new Error(`Rollback skill path escapes Claude Cowork 3P skills directory: ${skillId}`);
+        manifestBackupPath = createManifestBackup(manifestPath);
+        remove(tmpTarget);
+        remove(rollbackTarget);
+        copyDirectory(sourcePath, tmpTarget);
+        if (exists(targetPath)) external_node_fs_.renameSync(targetPath, rollbackTarget);
+        external_node_fs_.renameSync(tmpTarget, targetPath);
+        try {
+            updateManifest(manifestPath, skillId, skillId, description);
+        } catch (error) {
+            remove(targetPath);
+            if (rollbackTarget && exists(rollbackTarget)) external_node_fs_.renameSync(rollbackTarget, targetPath);
+            if (manifestBackupPath && manifestPath && exists(manifestBackupPath)) external_node_fs_.copyFileSync(manifestBackupPath, manifestPath);
+            throw error;
+        }
+        if (rollbackTarget) remove(rollbackTarget);
+        pruneManifestBackups(manifestPath);
+        return {
+            success: true,
+            path: targetPath,
+            mode: installMode
+        };
+    } catch (error) {
+        if (tmpTarget) remove(tmpTarget);
+        if (targetPath && rollbackTarget && exists(rollbackTarget) && !exists(targetPath)) try {
+            external_node_fs_.renameSync(rollbackTarget, targetPath);
+        } catch  {
+        // Ignore rollback errors while reporting the original installation failure.
+        }
+        if (manifestPath) try {
+            pruneManifestBackups(manifestPath);
+        } catch  {
+        // Ignore cleanup errors while reporting the original installation failure.
+        }
+        return {
+            success: false,
+            path: '',
+            mode: installMode,
+            error: error instanceof Error ? error.message : 'Unknown error'
+        };
+    }
+}
+function uninstallClaude3pSkill(skillName) {
+    const root = resolveClaude3pSkillsRoot();
+    const targetPath = getSafeSkillPath(root, skillName);
+    const manifestPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(root, 'manifest.json');
+    const existed = exists(targetPath);
+    if (existed) remove(targetPath);
+    removeFromManifest(manifestPath, skillName);
+    return existed;
+}
+function listClaude3pSkills() {
+    const root = resolveClaude3pSkillsRoot();
+    const skillsDir = __WEBPACK_EXTERNAL_MODULE_node_path__.join(root, 'skills');
+    if (!exists(skillsDir)) return [];
+    return external_node_fs_.readdirSync(skillsDir, {
+        withFileTypes: true
+    }).filter((entry)=>entry.isDirectory() && isSafeSkillId(entry.name)).map((entry)=>entry.name);
+}
+/**
+ * Agent Registry - Multi-Agent configuration definitions
+ *
+ * Supports global and project-level installation for 18 coding agents
+ * Reference: https://github.com/vercel-labs/add-skill
+ */ const agent_registry_home = (0, __WEBPACK_EXTERNAL_MODULE_node_os__.homedir)();
+/**
+ * All supported Agents configuration
+ */ const agents = {
+    amp: {
+        name: 'amp',
+        displayName: 'Amp',
+        skillsDir: '.agents/skills',
+        globalSkillsDir: (0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.config/agents/skills'),
+        detectInstalled: async ()=>(0, external_node_fs_.existsSync)((0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.config/amp'))
+    },
+    antigravity: {
+        name: 'antigravity',
+        displayName: 'Antigravity',
+        skillsDir: '.agent/skills',
+        globalSkillsDir: (0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.gemini/antigravity/skills'),
+        detectInstalled: async ()=>(0, external_node_fs_.existsSync)((0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(process.cwd(), '.agent')) || (0, external_node_fs_.existsSync)((0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.gemini/antigravity'))
+    },
+    'claude-code': {
+        name: 'claude-code',
+        displayName: 'Claude Code',
+        skillsDir: '.claude/skills',
+        globalSkillsDir: (0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.claude/skills'),
+        detectInstalled: async ()=>(0, external_node_fs_.existsSync)((0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.claude'))
+    },
+    [CLAUDE_COWORK_3P_AGENT]: {
+        name: CLAUDE_COWORK_3P_AGENT,
+        displayName: 'Claude Cowork 3P',
+        skillsDir: '.claude-3p/skills',
+        globalSkillsDir: getClaude3pSkillsPluginBase(),
+        detectInstalled: async ()=>{
+            try {
+                resolveClaude3pSkillsRoot();
+                return true;
+            } catch  {
+                return false;
+            }
+        }
+    },
+    clawdbot: {
+        name: 'clawdbot',
+        displayName: 'Clawdbot',
+        skillsDir: 'skills',
+        globalSkillsDir: (0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.clawdbot/skills'),
+        detectInstalled: async ()=>(0, external_node_fs_.existsSync)((0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.clawdbot'))
+    },
+    codex: {
+        name: 'codex',
+        displayName: 'Codex',
+        skillsDir: '.codex/skills',
+        globalSkillsDir: (0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.codex/skills'),
+        detectInstalled: async ()=>(0, external_node_fs_.existsSync)((0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.codex'))
+    },
+    cursor: {
+        name: 'cursor',
+        displayName: 'Cursor',
+        skillsDir: '.cursor/skills',
+        globalSkillsDir: (0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.cursor/skills'),
+        detectInstalled: async ()=>(0, external_node_fs_.existsSync)((0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.cursor'))
+    },
+    droid: {
+        name: 'droid',
+        displayName: 'Droid',
+        skillsDir: '.factory/skills',
+        globalSkillsDir: (0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.factory/skills'),
+        detectInstalled: async ()=>(0, external_node_fs_.existsSync)((0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.factory/skills'))
+    },
+    'gemini-cli': {
+        name: 'gemini-cli',
+        displayName: 'Gemini CLI',
+        skillsDir: '.gemini/skills',
+        globalSkillsDir: (0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.gemini/skills'),
+        detectInstalled: async ()=>(0, external_node_fs_.existsSync)((0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.gemini'))
+    },
+    'github-copilot': {
+        name: 'github-copilot',
+        displayName: 'GitHub Copilot',
+        skillsDir: '.github/skills',
+        globalSkillsDir: (0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.copilot/skills'),
+        detectInstalled: async ()=>(0, external_node_fs_.existsSync)((0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(process.cwd(), '.github')) || (0, external_node_fs_.existsSync)((0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.copilot'))
+    },
+    goose: {
+        name: 'goose',
+        displayName: 'Goose',
+        skillsDir: '.goose/skills',
+        globalSkillsDir: (0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.config/goose/skills'),
+        detectInstalled: async ()=>(0, external_node_fs_.existsSync)((0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.config/goose'))
+    },
+    kilo: {
+        name: 'kilo',
         displayName: 'Kilo Code',
         skillsDir: '.kilocode/skills',
         globalSkillsDir: (0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(agent_registry_home, '.kilocode/skills'),
@@ -575,8 +820,13 @@ const SNIPPET_MAX_LENGTH = 120;
 }
 /**
  * Get Agent's project-level skills directory
+ *
+ * Claude Cowork 3P stores skills under an app-managed account directory. This
+ * throws when that directory cannot be resolved, for example when the app has
+ * not initialized skills or multiple local account roots exist.
  */ function getAgentSkillsDir(type, options = {}) {
     const config = agents[type];
+    if (type === CLAUDE_COWORK_3P_AGENT) return (0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(resolveClaude3pSkillsRoot(), 'skills');
     if (options.global) return config.globalSkillsDir;
     const cwd = options.cwd || process.cwd();
     return (0, __WEBPACK_EXTERNAL_MODULE_node_path__.join)(cwd, config.skillsDir);
@@ -585,7 +835,7 @@ const SNIPPET_MAX_LENGTH = 120;
  * File system utilities
  */ /**
  * Check if a file or directory exists
- */ function exists(filePath) {
+ */ function fs_exists(filePath) {
     return external_node_fs_.existsSync(filePath);
 }
 /**
@@ -598,22 +848,22 @@ const SNIPPET_MAX_LENGTH = 120;
  * Write JSON file
  */ function writeJson(filePath, data, indent = 2) {
     const dir = __WEBPACK_EXTERNAL_MODULE_node_path__.dirname(filePath);
-    if (!exists(dir)) external_node_fs_.mkdirSync(dir, {
+    if (!fs_exists(dir)) external_node_fs_.mkdirSync(dir, {
         recursive: true
     });
     external_node_fs_.writeFileSync(filePath, `${JSON.stringify(data, null, indent)}\n`, 'utf-8');
 }
 /**
  * Create directory recursively
- */ function ensureDir(dirPath) {
-    if (!exists(dirPath)) external_node_fs_.mkdirSync(dirPath, {
+ */ function fs_ensureDir(dirPath) {
+    if (!fs_exists(dirPath)) external_node_fs_.mkdirSync(dirPath, {
         recursive: true
     });
 }
 /**
  * Remove file or directory
- */ function remove(targetPath) {
-    if (exists(targetPath)) external_node_fs_.rmSync(targetPath, {
+ */ function fs_remove(targetPath) {
+    if (fs_exists(targetPath)) external_node_fs_.rmSync(targetPath, {
         recursive: true,
         force: true
     });
@@ -628,7 +878,7 @@ const SNIPPET_MAX_LENGTH = 120;
  */ function copyDir(src, dest, options) {
     const exclude = options?.exclude || [];
     const excludePrefix = options?.excludePrefix || '_';
-    ensureDir(dest);
+    fs_ensureDir(dest);
     const entries = external_node_fs_.readdirSync(src, {
         withFileTypes: true
     });
@@ -644,19 +894,19 @@ const SNIPPET_MAX_LENGTH = 120;
 /**
  * List directory contents
  */ function listDir(dirPath) {
-    if (!exists(dirPath)) return [];
+    if (!fs_exists(dirPath)) return [];
     return external_node_fs_.readdirSync(dirPath);
 }
 /**
  * Check if path is a directory
  */ function isDirectory(targetPath) {
-    if (!exists(targetPath)) return false;
+    if (!fs_exists(targetPath)) return false;
     return external_node_fs_.statSync(targetPath).isDirectory();
 }
 /**
  * Check if path is a symbolic link
  */ function isSymlink(targetPath) {
-    if (!exists(targetPath)) return false;
+    if (!fs_exists(targetPath)) return false;
     return external_node_fs_.lstatSync(targetPath).isSymbolicLink();
 }
 /**
@@ -720,7 +970,7 @@ const SKILLS_SUBDIR = 'skills';
 }
 /**
  * Validate path safety (prevent path traversal attacks)
- */ function isPathSafe(basePath, targetPath) {
+ */ function fs_isPathSafe(basePath, targetPath) {
     const normalizedBase = __WEBPACK_EXTERNAL_MODULE_node_path__.normalize(__WEBPACK_EXTERNAL_MODULE_node_path__.resolve(basePath));
     const normalizedTarget = __WEBPACK_EXTERNAL_MODULE_node_path__.normalize(__WEBPACK_EXTERNAL_MODULE_node_path__.resolve(targetPath));
     return normalizedTarget.startsWith(normalizedBase + __WEBPACK_EXTERNAL_MODULE_node_path__.sep) || normalizedTarget === normalizedBase;
@@ -1028,7 +1278,7 @@ const git_execAsync = (0, __WEBPACK_EXTERNAL_MODULE_node_util__.promisify)(__WEB
  */ async function downloadFile(url, destPath, options = {}) {
     const { timeout = 60000, headers = {} } = options;
     // Ensure destination directory exists
-    ensureDir(__WEBPACK_EXTERNAL_MODULE_node_path__.dirname(destPath));
+    fs_ensureDir(__WEBPACK_EXTERNAL_MODULE_node_path__.dirname(destPath));
     try {
         // Use native fetch for HTTP/HTTPS
         const controller = new AbortController();
@@ -1070,7 +1320,7 @@ const git_execAsync = (0, __WEBPACK_EXTERNAL_MODULE_node_util__.promisify)(__WEB
     const detectedFormat = format || detectArchiveFormat(archivePath);
     if (!detectedFormat) throw new Error(`Unable to detect archive format for: ${archivePath}`);
     // Ensure destination directory exists
-    ensureDir(destDir);
+    fs_ensureDir(destDir);
     switch(detectedFormat){
         case 'tar.gz':
         case 'tgz':
@@ -1094,7 +1344,7 @@ const git_execAsync = (0, __WEBPACK_EXTERNAL_MODULE_node_util__.promisify)(__WEB
     try {
         // Extract to a temp directory first to handle single-folder archives
         const tempExtractDir = `${destDir}.extract-temp`;
-        ensureDir(tempExtractDir);
+        fs_ensureDir(tempExtractDir);
         await execAsync(`tar ${flags} "${archivePath}" -C "${tempExtractDir}"`, {
             encoding: 'utf-8'
         });
@@ -1110,7 +1360,7 @@ const git_execAsync = (0, __WEBPACK_EXTERNAL_MODULE_node_util__.promisify)(__WEB
                     const dest = __WEBPACK_EXTERNAL_MODULE_node_path__.join(destDir, item);
                     external_node_fs_.renameSync(src, dest);
                 }
-                remove(tempExtractDir);
+                fs_remove(tempExtractDir);
                 return;
             }
         }
@@ -1120,7 +1370,7 @@ const git_execAsync = (0, __WEBPACK_EXTERNAL_MODULE_node_util__.promisify)(__WEB
             const dest = __WEBPACK_EXTERNAL_MODULE_node_path__.join(destDir, item);
             external_node_fs_.renameSync(src, dest);
         }
-        remove(tempExtractDir);
+        fs_remove(tempExtractDir);
     } catch (error) {
         throw new Error(`Failed to extract tar archive: ${error.message}`);
     }
@@ -1134,7 +1384,7 @@ const git_execAsync = (0, __WEBPACK_EXTERNAL_MODULE_node_util__.promisify)(__WEB
     try {
         // Extract to a temp directory first
         const tempExtractDir = `${destDir}.extract-temp`;
-        ensureDir(tempExtractDir);
+        fs_ensureDir(tempExtractDir);
         // Try using unzip command (available on most systems)
         await execAsync(`unzip -q "${archivePath}" -d "${tempExtractDir}"`, {
             encoding: 'utf-8'
@@ -1151,7 +1401,7 @@ const git_execAsync = (0, __WEBPACK_EXTERNAL_MODULE_node_util__.promisify)(__WEB
                     const dest = __WEBPACK_EXTERNAL_MODULE_node_path__.join(destDir, item);
                     external_node_fs_.renameSync(src, dest);
                 }
-                remove(tempExtractDir);
+                fs_remove(tempExtractDir);
                 return;
             }
         }
@@ -1161,7 +1411,7 @@ const git_execAsync = (0, __WEBPACK_EXTERNAL_MODULE_node_util__.promisify)(__WEB
             const dest = __WEBPACK_EXTERNAL_MODULE_node_path__.join(destDir, item);
             external_node_fs_.renameSync(src, dest);
         }
-        remove(tempExtractDir);
+        fs_remove(tempExtractDir);
     } catch (error) {
         throw new Error(`Failed to extract zip archive: ${error.message}`);
     }
@@ -1202,514 +1452,136 @@ const git_execAsync = (0, __WEBPACK_EXTERNAL_MODULE_node_util__.promisify)(__WEB
     }
 }
 /**
- * Skill Parser - SKILL.md parser
+ * Installer - Multi-Agent installer
  *
- * Following agentskills.io specification: https://agentskills.io/specification
+ * Supports two installation modes:
+ * - symlink: Canonical location (.agents/skills/) + symlinks to each agent directory
+ * - copy: Direct copy to each agent directory
  *
- * SKILL.md format requirements:
- * - YAML frontmatter containing name and description (required)
- * - name: max 64 characters, lowercase letters, numbers, hyphens
- * - description: max 1024 characters
- * - Optional fields: license, compatibility, metadata, allowed-tools
- */ /**
- * Skill validation error
- */ class SkillValidationError extends Error {
-    field;
-    constructor(message, field){
-        super(message), this.field = field;
-        this.name = 'SkillValidationError';
-    }
+ * Reference: https://github.com/vercel-labs/add-skill/blob/main/src/installer.ts
+ */ const installer_AGENTS_DIR = '.agents';
+const installer_SKILLS_SUBDIR = 'skills';
+/**
+ * Marker comment in auto-generated Cursor bridge rule files.
+ * Used to distinguish auto-generated files from manually created ones.
+ */ const CURSOR_BRIDGE_MARKER = '<!-- reskill:auto-generated -->';
+/**
+ * Default files to exclude when copying skills
+ * These files are typically used for repository metadata and should not be copied to agent directories
+ */ const installer_DEFAULT_EXCLUDE_FILES = [
+    'README.md',
+    'metadata.json',
+    '.reskill-commit'
+];
+/**
+ * Prefix for files that should be excluded (internal/private files)
+ */ const installer_EXCLUDE_PREFIX = '_';
+/**
+ * Sanitize filename to prevent path traversal attacks
+ */ function installer_sanitizeName(name) {
+    // Remove path separators and special characters
+    let sanitized = name.replace(/[/\\:\0]/g, '');
+    // Remove leading and trailing dots and spaces
+    sanitized = sanitized.replace(/^[.\s]+|[.\s]+$/g, '');
+    // Remove leading dots
+    sanitized = sanitized.replace(/^\.+/, '');
+    if (!sanitized || 0 === sanitized.length) sanitized = 'unnamed-skill';
+    if (sanitized.length > 255) sanitized = sanitized.substring(0, 255);
+    return sanitized;
 }
 /**
- * Simple YAML frontmatter parser
- * Parses --- delimited YAML header
+ * Validate path safety
+ */ function installer_isPathSafe(basePath, targetPath) {
+    const normalizedBase = __WEBPACK_EXTERNAL_MODULE_node_path__.normalize(__WEBPACK_EXTERNAL_MODULE_node_path__.resolve(basePath));
+    const normalizedTarget = __WEBPACK_EXTERNAL_MODULE_node_path__.normalize(__WEBPACK_EXTERNAL_MODULE_node_path__.resolve(targetPath));
+    return normalizedTarget.startsWith(normalizedBase + __WEBPACK_EXTERNAL_MODULE_node_path__.sep) || normalizedTarget === normalizedBase;
+}
+/**
+ * Get canonical skills directory path
  *
- * Supports:
- * - Basic key: value pairs
- * - Multiline strings (| and >)
- * - Nested objects (one level deep, for metadata field)
- */ function parseFrontmatter(content) {
-    const frontmatterRegex = /^---\r?\n([\s\S]*?)\r?\n---\r?\n([\s\S]*)$/;
-    const match = content.match(frontmatterRegex);
-    if (!match) return {
-        data: {},
-        content
-    };
-    const yamlContent = match[1];
-    const markdownContent = match[2];
-    // Simple YAML parsing (supports basic key: value, one level of nesting,
-    // block scalars (| and >), and plain scalars spanning multiple indented lines)
-    const data = {};
-    const lines = yamlContent.split('\n');
-    let currentKey = '';
-    let currentValue = '';
-    let inMultiline = false;
-    let inNestedObject = false;
-    let inPlainScalar = false;
-    let nestedObject = {};
-    /**
-   * Save the current key/value accumulated so far, then reset state.
-   */ function flushCurrent() {
-        if (!currentKey) return;
-        if (inNestedObject) {
-            data[currentKey] = nestedObject;
-            nestedObject = {};
-            inNestedObject = false;
-        } else if (inPlainScalar || inMultiline) {
-            data[currentKey] = currentValue.trim();
-            inPlainScalar = false;
-            inMultiline = false;
-        } else data[currentKey] = parseYamlValue(currentValue.trim());
-        currentKey = '';
-        currentValue = '';
-    }
-    for (const line of lines){
-        const trimmedLine = line.trim();
-        if (!trimmedLine || trimmedLine.startsWith('#')) continue;
-        const isIndented = line.startsWith('  ');
-        // ---- Inside a block scalar (| or >) ----
-        if (inMultiline) {
-            if (isIndented) {
-                currentValue += (currentValue ? '\n' : '') + line.slice(2);
-                continue;
-            }
-            // Unindented line ends the block scalar — fall through to top-level parsing
-            flushCurrent();
-        }
-        // ---- Inside a plain scalar (multiline value without | or >) ----
-        if (inPlainScalar) {
-            if (isIndented) {
-                // Continuation line: join with a space (YAML plain scalar folding)
-                currentValue += ` ${trimmedLine}`;
-                continue;
-            }
-            // Unindented line ends the plain scalar — fall through to top-level parsing
-            flushCurrent();
-        }
-        // ---- Inside a nested object ----
-        if (inNestedObject && isIndented) {
-            const nestedMatch = line.match(/^ {2}([a-zA-Z_-]+):\s*(.*)$/);
-            if (nestedMatch) {
-                const [, nestedKey, nestedValue] = nestedMatch;
-                nestedObject[nestedKey] = parseYamlValue(nestedValue.trim());
-                continue;
-            }
-            // Indented line that isn't a nested key:value — this key was actually
-            // a plain scalar, not a nested object. Switch modes.
-            inNestedObject = false;
-            inPlainScalar = true;
-            currentValue = trimmedLine;
-            continue;
-        }
-        // ---- Top-level key: value ----
-        const keyValueMatch = line.match(/^([a-zA-Z_-]+):\s*(.*)$/);
-        if (keyValueMatch) {
-            flushCurrent();
-            currentKey = keyValueMatch[1];
-            currentValue = keyValueMatch[2];
-            if ('|' === currentValue || '>' === currentValue) {
-                inMultiline = true;
-                currentValue = '';
-            } else if ('' === currentValue) {
-                // Empty value — could be nested object or plain scalar; peek at next lines
-                inNestedObject = true;
-                nestedObject = {};
-            }
-            continue;
-        }
-        // ---- Unindented line that isn't key:value while in nested object ----
-        if (inNestedObject) flushCurrent();
-    }
-    // Save last accumulated value
-    flushCurrent();
-    return {
-        data,
-        content: markdownContent
-    };
+ * @param isGlobal - Whether installing globally
+ * @param cwd - Current working directory
+ * @param installDir - Custom installation directory (relative to cwd), overrides default
+ */ function installer_getCanonicalSkillsDir(isGlobal, cwd, installDir) {
+    const baseDir = isGlobal ? (0, __WEBPACK_EXTERNAL_MODULE_node_os__.homedir)() : cwd || process.cwd();
+    // Use custom installDir if provided, otherwise use default
+    if (installDir && !isGlobal) return __WEBPACK_EXTERNAL_MODULE_node_path__.join(baseDir, installDir);
+    return __WEBPACK_EXTERNAL_MODULE_node_path__.join(baseDir, installer_AGENTS_DIR, installer_SKILLS_SUBDIR);
 }
 /**
- * Parse YAML value
- */ function parseYamlValue(value) {
-    if (!value) return '';
-    // Boolean value
-    if ('true' === value) return true;
-    if ('false' === value) return false;
-    // Number
-    if (/^-?\d+$/.test(value)) return parseInt(value, 10);
-    if (/^-?\d+\.\d+$/.test(value)) return parseFloat(value);
-    // Remove quotes
-    if (value.startsWith('"') && value.endsWith('"') || value.startsWith("'") && value.endsWith("'")) return value.slice(1, -1);
-    return value;
+ * Ensure directory exists
+ */ function installer_ensureDir(dirPath) {
+    if (!external_node_fs_.existsSync(dirPath)) external_node_fs_.mkdirSync(dirPath, {
+        recursive: true
+    });
 }
 /**
- * Validate skill name format
- *
- * Specification requirements:
- * - Max 64 characters
- * - Only lowercase letters, numbers, hyphens allowed
- * - Cannot start or end with hyphen
- * - Cannot contain consecutive hyphens
- */ function validateSkillName(name) {
-    if (!name) throw new SkillValidationError('Skill name is required', 'name');
-    if (name.length > 64) throw new SkillValidationError('Skill name must be at most 64 characters', 'name');
-    if (!/^[a-z0-9]/.test(name)) throw new SkillValidationError('Skill name must start with a lowercase letter or number', 'name');
-    if (!/[a-z0-9]$/.test(name)) throw new SkillValidationError('Skill name must end with a lowercase letter or number', 'name');
-    if (/--/.test(name)) throw new SkillValidationError('Skill name cannot contain consecutive hyphens', 'name');
-    if (!/^[a-z0-9][a-z0-9-]*[a-z0-9]$/.test(name) && name.length > 1) throw new SkillValidationError('Skill name can only contain lowercase letters, numbers, and hyphens', 'name');
-    // Single character name
-    if (1 === name.length && !/^[a-z0-9]$/.test(name)) throw new SkillValidationError('Single character skill name must be a lowercase letter or number', 'name');
+ * Remove file or directory
+ */ function installer_remove(targetPath) {
+    if (external_node_fs_.existsSync(targetPath)) external_node_fs_.rmSync(targetPath, {
+        recursive: true,
+        force: true
+    });
 }
 /**
- * Validate skill description
+ * Copy directory with file exclusion
  *
- * Specification requirements:
- * - Max 1024 characters
- * - Angle brackets are allowed per agentskills.io spec
- */ function validateSkillDescription(description) {
-    if (!description) throw new SkillValidationError('Skill description is required', 'description');
-    if (description.length > 1024) throw new SkillValidationError('Skill description must be at most 1024 characters', 'description');
-// Note: angle brackets are allowed per agentskills.io spec
+ * By default excludes:
+ * - Files in DEFAULT_EXCLUDE_FILES (README.md, metadata.json, .reskill-commit)
+ * - Files starting with EXCLUDE_PREFIX ('_')
+ */ function installer_copyDirectory(src, dest, options) {
+    const exclude = new Set(options?.exclude || installer_DEFAULT_EXCLUDE_FILES);
+    installer_ensureDir(dest);
+    const entries = external_node_fs_.readdirSync(src, {
+        withFileTypes: true
+    });
+    for (const entry of entries){
+        // Skip files starting with EXCLUDE_PREFIX and files in exclude list
+        if (exclude.has(entry.name) || entry.name.startsWith(installer_EXCLUDE_PREFIX)) continue;
+        const srcPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(src, entry.name);
+        const destPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(dest, entry.name);
+        if (entry.isDirectory()) installer_copyDirectory(srcPath, destPath, options);
+        else external_node_fs_.copyFileSync(srcPath, destPath);
+    }
 }
 /**
- * Parse SKILL.md content
+ * Create symbolic link
  *
- * @param content - SKILL.md file content
- * @param options - Parse options
- * @returns Parsed skill info, or null if format is invalid
- * @throws SkillValidationError if validation fails in strict mode
- */ function parseSkillMd(content, options = {}) {
-    const { strict = false } = options;
+ * @returns true if successful, false if needs to fallback to copy
+ */ async function installer_createSymlink(target, linkPath) {
     try {
-        const { data, content: body } = parseFrontmatter(content);
-        // Check required fields
-        if (!data.name || !data.description) {
-            if (strict) throw new SkillValidationError('SKILL.md must have name and description in frontmatter');
-            return null;
-        }
-        const name = String(data.name);
-        const description = String(data.description);
-        // Validate field format
-        if (strict) {
-            validateSkillName(name);
-            validateSkillDescription(description);
-        }
-        // Parse allowed-tools
-        let allowedTools;
-        if (data['allowed-tools']) {
-            const toolsStr = String(data['allowed-tools']);
-            allowedTools = toolsStr.split(/\s+/).filter(Boolean);
+        // Check existing link
+        try {
+            const stats = external_node_fs_.lstatSync(linkPath);
+            if (stats.isSymbolicLink()) {
+                const existingTarget = external_node_fs_.readlinkSync(linkPath);
+                if (__WEBPACK_EXTERNAL_MODULE_node_path__.resolve(existingTarget) === __WEBPACK_EXTERNAL_MODULE_node_path__.resolve(target)) return true;
+                external_node_fs_.rmSync(linkPath);
+            } else external_node_fs_.rmSync(linkPath, {
+                recursive: true
+            });
+        } catch (err) {
+            // ELOOP = circular symlink, ENOENT = does not exist
+            if (err && 'object' == typeof err && 'code' in err) {
+                if ('ELOOP' === err.code) try {
+                    external_node_fs_.rmSync(linkPath, {
+                        force: true
+                    });
+                } catch  {
+                // If unable to delete, symlink creation will fail and trigger copy fallback
+                }
+            }
+        // For ENOENT or other errors, continue trying to create symlink
         }
-        return {
-            name,
-            description,
-            version: data.version ? String(data.version) : void 0,
-            license: data.license ? String(data.license) : void 0,
-            compatibility: data.compatibility ? String(data.compatibility) : void 0,
-            metadata: data.metadata,
-            allowedTools,
-            content: body,
-            rawContent: content
-        };
-    } catch (error) {
-        if (error instanceof SkillValidationError) throw error;
-        if (strict) throw new SkillValidationError(`Failed to parse SKILL.md: ${error}`);
-        return null;
-    }
-}
-/**
- * Parse SKILL.md from file path
- */ function skill_parser_parseSkillMdFile(filePath, options = {}) {
-    if (!external_node_fs_.existsSync(filePath)) {
-        if (options.strict) throw new SkillValidationError(`SKILL.md not found: ${filePath}`);
-        return null;
-    }
-    const content = external_node_fs_.readFileSync(filePath, 'utf-8');
-    return parseSkillMd(content, options);
-}
-/**
- * Parse SKILL.md from skill directory
- */ function parseSkillFromDir(dirPath, options = {}) {
-    const skillMdPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(dirPath, 'SKILL.md');
-    return skill_parser_parseSkillMdFile(skillMdPath, options);
-}
-/**
- * Check if directory contains valid SKILL.md
- */ function hasValidSkillMd(dirPath) {
-    const skillMdPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(dirPath, 'SKILL.md');
-    if (!external_node_fs_.existsSync(skillMdPath)) return false;
-    try {
-        const skill = skill_parser_parseSkillMdFile(skillMdPath);
-        return null !== skill;
-    } catch  {
-        return false;
-    }
-}
-const SKIP_DIRS = [
-    'node_modules',
-    '.git',
-    'dist',
-    'build',
-    '__pycache__'
-];
-const MAX_DISCOVER_DEPTH = 5;
-const PRIORITY_SKILL_DIRS = [
-    'skills',
-    '.agents/skills',
-    '.cursor/skills',
-    '.claude/skills',
-    '.windsurf/skills',
-    '.github/skills'
-];
-function findSkillDirsRecursive(dir, depth, maxDepth, visitedDirs) {
-    if (depth > maxDepth) return [];
-    const resolvedDir = __WEBPACK_EXTERNAL_MODULE_node_path__.resolve(dir);
-    if (visitedDirs.has(resolvedDir)) return [];
-    if (!external_node_fs_.existsSync(dir) || !external_node_fs_.statSync(dir).isDirectory()) return [];
-    visitedDirs.add(resolvedDir);
-    const results = [];
-    let entries;
-    try {
-        entries = external_node_fs_.readdirSync(dir);
-    } catch  {
-        return [];
-    }
-    for (const entry of entries){
-        if (SKIP_DIRS.includes(entry)) continue;
-        const fullPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(dir, entry);
-        const resolvedFull = __WEBPACK_EXTERNAL_MODULE_node_path__.resolve(fullPath);
-        if (visitedDirs.has(resolvedFull)) continue;
-        let stat;
-        try {
-            stat = external_node_fs_.statSync(fullPath);
-        } catch  {
-            continue;
-        }
-        if (!!stat.isDirectory()) {
-            if (hasValidSkillMd(fullPath)) results.push(fullPath);
-            results.push(...findSkillDirsRecursive(fullPath, depth + 1, maxDepth, visitedDirs));
-        }
-    }
-    return results;
-}
-/**
- * Discover all skills in a directory by scanning for SKILL.md files.
- *
- * Strategy:
- * 1. Check root for SKILL.md
- * 2. Search priority directories (skills/, .agents/skills/, .cursor/skills/, etc.)
- * 3. Fall back to recursive search (max depth 5, skip node_modules, .git, dist, etc.)
- *
- * @param basePath - Root directory to search
- * @returns List of parsed skills with their directory paths (absolute)
- */ function discoverSkillsInDir(basePath) {
-    const resolvedBase = __WEBPACK_EXTERNAL_MODULE_node_path__.resolve(basePath);
-    const results = [];
-    const seenNames = new Set();
-    function addSkill(dirPath) {
-        const skill = parseSkillFromDir(dirPath);
-        if (skill && !seenNames.has(skill.name)) {
-            seenNames.add(skill.name);
-            results.push({
-                ...skill,
-                dirPath: __WEBPACK_EXTERNAL_MODULE_node_path__.resolve(dirPath)
-            });
-        }
-    }
-    if (hasValidSkillMd(resolvedBase)) addSkill(resolvedBase);
-    // Track visited directories to avoid redundant I/O during recursive scan
-    const visitedDirs = new Set();
-    for (const sub of PRIORITY_SKILL_DIRS){
-        const dir = __WEBPACK_EXTERNAL_MODULE_node_path__.join(resolvedBase, sub);
-        if (!!external_node_fs_.existsSync(dir) && !!external_node_fs_.statSync(dir).isDirectory()) {
-            visitedDirs.add(__WEBPACK_EXTERNAL_MODULE_node_path__.resolve(dir));
-            try {
-                const entries = external_node_fs_.readdirSync(dir);
-                for (const entry of entries){
-                    const skillDir = __WEBPACK_EXTERNAL_MODULE_node_path__.join(dir, entry);
-                    try {
-                        if (external_node_fs_.statSync(skillDir).isDirectory() && hasValidSkillMd(skillDir)) {
-                            addSkill(skillDir);
-                            visitedDirs.add(__WEBPACK_EXTERNAL_MODULE_node_path__.resolve(skillDir));
-                        }
-                    } catch  {
-                    // Skip entries that can't be stat'd (race condition, permission, etc.)
-                    }
-                }
-            } catch  {
-            // Skip if unreadable
-            }
-        }
-    }
-    const recursiveDirs = findSkillDirsRecursive(resolvedBase, 0, MAX_DISCOVER_DEPTH, visitedDirs);
-    for (const skillDir of recursiveDirs)addSkill(skillDir);
-    return results;
-}
-/**
- * Filter skills by name (case-insensitive exact match).
- *
- * Note: an empty `names` array returns an empty result (not all skills).
- * Callers should check `names.length` before calling if "no filter = all" is desired.
- *
- * @param skills - List of discovered skills
- * @param names - Skill names to match (e.g. from --skill pdf commit)
- * @returns Skills whose name matches any of the given names
- */ function filterSkillsByName(skills, names) {
-    const normalized = names.map((n)=>n.toLowerCase());
-    return skills.filter((skill)=>{
-        // Match against SKILL.md name field
-        if (normalized.includes(skill.name.toLowerCase())) return true;
-        // Also match against the directory name (basename of dirPath)
-        // Users naturally refer to skills by their directory name
-        const dirName = __WEBPACK_EXTERNAL_MODULE_node_path__.basename(skill.dirPath).toLowerCase();
-        return normalized.includes(dirName);
-    });
-}
-/**
- * Generate SKILL.md content
- */ function generateSkillMd(skill) {
-    const frontmatter = [
-        '---'
-    ];
-    frontmatter.push(`name: ${skill.name}`);
-    frontmatter.push(`description: ${skill.description}`);
-    if (skill.license) frontmatter.push(`license: ${skill.license}`);
-    if (skill.compatibility) frontmatter.push(`compatibility: ${skill.compatibility}`);
-    if (skill.allowedTools && skill.allowedTools.length > 0) frontmatter.push(`allowed-tools: ${skill.allowedTools.join(' ')}`);
-    frontmatter.push('---');
-    frontmatter.push('');
-    return frontmatter.join('\n') + skill.content;
-}
-/**
- * Installer - Multi-Agent installer
- *
- * Supports two installation modes:
- * - symlink: Canonical location (.agents/skills/) + symlinks to each agent directory
- * - copy: Direct copy to each agent directory
- *
- * Reference: https://github.com/vercel-labs/add-skill/blob/main/src/installer.ts
- */ const installer_AGENTS_DIR = '.agents';
-const installer_SKILLS_SUBDIR = 'skills';
-/**
- * Marker comment in auto-generated Cursor bridge rule files.
- * Used to distinguish auto-generated files from manually created ones.
- */ const CURSOR_BRIDGE_MARKER = '<!-- reskill:auto-generated -->';
-/**
- * Default files to exclude when copying skills
- * These files are typically used for repository metadata and should not be copied to agent directories
- */ const DEFAULT_EXCLUDE_FILES = [
-    'README.md',
-    'metadata.json',
-    '.reskill-commit'
-];
-/**
- * Prefix for files that should be excluded (internal/private files)
- */ const EXCLUDE_PREFIX = '_';
-/**
- * Sanitize filename to prevent path traversal attacks
- */ function installer_sanitizeName(name) {
-    // Remove path separators and special characters
-    let sanitized = name.replace(/[/\\:\0]/g, '');
-    // Remove leading and trailing dots and spaces
-    sanitized = sanitized.replace(/^[.\s]+|[.\s]+$/g, '');
-    // Remove leading dots
-    sanitized = sanitized.replace(/^\.+/, '');
-    if (!sanitized || 0 === sanitized.length) sanitized = 'unnamed-skill';
-    if (sanitized.length > 255) sanitized = sanitized.substring(0, 255);
-    return sanitized;
-}
-/**
- * Validate path safety
- */ function installer_isPathSafe(basePath, targetPath) {
-    const normalizedBase = __WEBPACK_EXTERNAL_MODULE_node_path__.normalize(__WEBPACK_EXTERNAL_MODULE_node_path__.resolve(basePath));
-    const normalizedTarget = __WEBPACK_EXTERNAL_MODULE_node_path__.normalize(__WEBPACK_EXTERNAL_MODULE_node_path__.resolve(targetPath));
-    return normalizedTarget.startsWith(normalizedBase + __WEBPACK_EXTERNAL_MODULE_node_path__.sep) || normalizedTarget === normalizedBase;
-}
-/**
- * Get canonical skills directory path
- *
- * @param isGlobal - Whether installing globally
- * @param cwd - Current working directory
- * @param installDir - Custom installation directory (relative to cwd), overrides default
- */ function installer_getCanonicalSkillsDir(isGlobal, cwd, installDir) {
-    const baseDir = isGlobal ? (0, __WEBPACK_EXTERNAL_MODULE_node_os__.homedir)() : cwd || process.cwd();
-    // Use custom installDir if provided, otherwise use default
-    if (installDir && !isGlobal) return __WEBPACK_EXTERNAL_MODULE_node_path__.join(baseDir, installDir);
-    return __WEBPACK_EXTERNAL_MODULE_node_path__.join(baseDir, installer_AGENTS_DIR, installer_SKILLS_SUBDIR);
-}
-/**
- * Ensure directory exists
- */ function installer_ensureDir(dirPath) {
-    if (!external_node_fs_.existsSync(dirPath)) external_node_fs_.mkdirSync(dirPath, {
-        recursive: true
-    });
-}
-/**
- * Remove file or directory
- */ function installer_remove(targetPath) {
-    if (external_node_fs_.existsSync(targetPath)) external_node_fs_.rmSync(targetPath, {
-        recursive: true,
-        force: true
-    });
-}
-/**
- * Copy directory with file exclusion
- *
- * By default excludes:
- * - Files in DEFAULT_EXCLUDE_FILES (README.md, metadata.json, .reskill-commit)
- * - Files starting with EXCLUDE_PREFIX ('_')
- */ function copyDirectory(src, dest, options) {
-    const exclude = new Set(options?.exclude || DEFAULT_EXCLUDE_FILES);
-    installer_ensureDir(dest);
-    const entries = external_node_fs_.readdirSync(src, {
-        withFileTypes: true
-    });
-    for (const entry of entries){
-        // Skip files starting with EXCLUDE_PREFIX and files in exclude list
-        if (exclude.has(entry.name) || entry.name.startsWith(EXCLUDE_PREFIX)) continue;
-        const srcPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(src, entry.name);
-        const destPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(dest, entry.name);
-        if (entry.isDirectory()) copyDirectory(srcPath, destPath, options);
-        else external_node_fs_.copyFileSync(srcPath, destPath);
-    }
-}
-/**
- * Create symbolic link
- *
- * @returns true if successful, false if needs to fallback to copy
- */ async function installer_createSymlink(target, linkPath) {
-    try {
-        // Check existing link
-        try {
-            const stats = external_node_fs_.lstatSync(linkPath);
-            if (stats.isSymbolicLink()) {
-                const existingTarget = external_node_fs_.readlinkSync(linkPath);
-                if (__WEBPACK_EXTERNAL_MODULE_node_path__.resolve(existingTarget) === __WEBPACK_EXTERNAL_MODULE_node_path__.resolve(target)) return true;
-                external_node_fs_.rmSync(linkPath);
-            } else external_node_fs_.rmSync(linkPath, {
-                recursive: true
-            });
-        } catch (err) {
-            // ELOOP = circular symlink, ENOENT = does not exist
-            if (err && 'object' == typeof err && 'code' in err) {
-                if ('ELOOP' === err.code) try {
-                    external_node_fs_.rmSync(linkPath, {
-                        force: true
-                    });
-                } catch  {
-                // If unable to delete, symlink creation will fail and trigger copy fallback
-                }
-            }
-        // For ENOENT or other errors, continue trying to create symlink
-        }
-        // Ensure parent directory exists
-        const linkDir = __WEBPACK_EXTERNAL_MODULE_node_path__.dirname(linkPath);
-        installer_ensureDir(linkDir);
-        // Calculate relative path
-        const relativePath = __WEBPACK_EXTERNAL_MODULE_node_path__.relative(linkDir, target);
-        // Windows uses junction, other systems use default
-        const symlinkType = 'win32' === (0, __WEBPACK_EXTERNAL_MODULE_node_os__.platform)() ? 'junction' : void 0;
-        external_node_fs_.symlinkSync(relativePath, linkPath, symlinkType);
-        return true;
+        // Ensure parent directory exists
+        const linkDir = __WEBPACK_EXTERNAL_MODULE_node_path__.dirname(linkPath);
+        installer_ensureDir(linkDir);
+        // Calculate relative path
+        const relativePath = __WEBPACK_EXTERNAL_MODULE_node_path__.relative(linkDir, target);
+        // Windows uses junction, other systems use default
+        const symlinkType = 'win32' === (0, __WEBPACK_EXTERNAL_MODULE_node_os__.platform)() ? 'junction' : void 0;
+        external_node_fs_.symlinkSync(relativePath, linkPath, symlinkType);
+        return true;
     } catch  {
         return false;
     }
@@ -1735,6 +1607,7 @@ const installer_SKILLS_SUBDIR = 'skills';
     /**
    * Get agent's skill installation path
    */ getAgentSkillPath(skillName, agentType) {
+        if (agentType === CLAUDE_COWORK_3P_AGENT) return getClaude3pSkillPath(skillName);
         const agent = getAgentConfig(agentType);
         const sanitized = installer_sanitizeName(skillName);
         const agentBase = this.isGlobal ? agent.globalSkillsDir : __WEBPACK_EXTERNAL_MODULE_node_path__.join(this.cwd, agent.skillsDir);
@@ -1748,6 +1621,9 @@ const installer_SKILLS_SUBDIR = 'skills';
    * @param agentType - Target agent type
    * @param options - Installation options
    */ async installForAgent(sourcePath, skillName, agentType, options = {}) {
+        if (agentType === CLAUDE_COWORK_3P_AGENT) return installClaude3pSkill(sourcePath, skillName, {
+            mode: options.mode
+        });
         const agent = getAgentConfig(agentType);
         const installMode = options.mode || 'symlink';
         const sanitized = installer_sanitizeName(skillName);
@@ -1776,7 +1652,7 @@ const installer_SKILLS_SUBDIR = 'skills';
             if ('copy' === installMode) {
                 installer_ensureDir(agentDir);
                 installer_remove(agentDir);
-                copyDirectory(sourcePath, agentDir);
+                installer_copyDirectory(sourcePath, agentDir);
                 result = {
                     success: true,
                     path: agentDir,
@@ -1786,7 +1662,7 @@ const installer_SKILLS_SUBDIR = 'skills';
                 // Symlink mode: copy to canonical location, then create symlink
                 installer_ensureDir(canonicalDir);
                 installer_remove(canonicalDir);
-                copyDirectory(sourcePath, canonicalDir);
+                installer_copyDirectory(sourcePath, canonicalDir);
                 const symlinkCreated = await installer_createSymlink(canonicalDir, agentDir);
                 if (symlinkCreated) result = {
                     success: true,
@@ -1802,7 +1678,7 @@ const installer_SKILLS_SUBDIR = 'skills';
                     // Ignore cleanup errors
                     }
                     installer_ensureDir(agentDir);
-                    copyDirectory(sourcePath, agentDir);
+                    installer_copyDirectory(sourcePath, agentDir);
                     result = {
                         success: true,
                         path: agentDir,
@@ -1837,10 +1713,14 @@ const installer_SKILLS_SUBDIR = 'skills';
     /**
    * Check if skill is installed to specified agent
    */ isInstalled(skillName, agentType) {
-        const skillPath = this.getAgentSkillPath(skillName, agentType);
-        return external_node_fs_.existsSync(skillPath);
-    }
-    /**
+        try {
+            const skillPath = this.getAgentSkillPath(skillName, agentType);
+            return external_node_fs_.existsSync(skillPath);
+        } catch  {
+            return false;
+        }
+    }
+    /**
    * Check if skill is installed in canonical location
    */ isInstalledInCanonical(skillName) {
         const canonicalPath = this.getCanonicalPath(skillName);
@@ -1849,6 +1729,11 @@ const installer_SKILLS_SUBDIR = 'skills';
     /**
    * Uninstall skill from specified agent
    */ uninstallFromAgent(skillName, agentType) {
+        if (agentType === CLAUDE_COWORK_3P_AGENT) try {
+            return uninstallClaude3pSkill(skillName);
+        } catch  {
+            return false;
+        }
         const skillPath = this.getAgentSkillPath(skillName, agentType);
         if (!external_node_fs_.existsSync(skillPath)) return false;
         installer_remove(skillPath);
@@ -1869,6 +1754,11 @@ const installer_SKILLS_SUBDIR = 'skills';
     /**
    * Get all skills installed to specified agent
    */ listInstalledSkills(agentType) {
+        if (agentType === CLAUDE_COWORK_3P_AGENT) try {
+            return listClaude3pSkills();
+        } catch  {
+            return [];
+        }
         const agent = getAgentConfig(agentType);
         const skillsDir = this.isGlobal ? agent.globalSkillsDir : __WEBPACK_EXTERNAL_MODULE_node_path__.join(this.cwd, agent.skillsDir);
         if (!external_node_fs_.existsSync(skillsDir)) return [];
@@ -1996,7 +1886,7 @@ ${CURSOR_BRIDGE_MARKER}
    * Check if skill is cached
    */ isCached(parsed, version) {
         const cachePath = this.getSkillCachePath(parsed, version);
-        return exists(cachePath) && isDirectory(cachePath);
+        return fs_exists(cachePath) && isDirectory(cachePath);
     }
     /**
    * Get cached skill
@@ -2008,7 +1898,7 @@ ${CURSOR_BRIDGE_MARKER}
         let commit = '';
         try {
             const fs = await import("node:fs");
-            if (exists(commitFile)) commit = fs.readFileSync(commitFile, 'utf-8').trim();
+            if (fs_exists(commitFile)) commit = fs.readFileSync(commitFile, 'utf-8').trim();
         } catch  {
         // Ignore read errors
         }
@@ -2022,11 +1912,11 @@ ${CURSOR_BRIDGE_MARKER}
    */ async cache(repoUrl, parsed, ref, version) {
         const cachePath = this.getSkillCachePath(parsed, version);
         // If exists, delete first
-        if (exists(cachePath)) remove(cachePath);
-        ensureDir(__WEBPACK_EXTERNAL_MODULE_node_path__.dirname(cachePath));
+        if (fs_exists(cachePath)) fs_remove(cachePath);
+        fs_ensureDir(__WEBPACK_EXTERNAL_MODULE_node_path__.dirname(cachePath));
         // Clone repository
         const tempPath = `${cachePath}.tmp`;
-        remove(tempPath);
+        fs_remove(tempPath);
         await clone(repoUrl, tempPath, {
             depth: 1,
             branch: ref
@@ -2036,8 +1926,8 @@ ${CURSOR_BRIDGE_MARKER}
         // If has subPath, only keep subdirectory
         if (parsed.subPath) {
             const subDir = __WEBPACK_EXTERNAL_MODULE_node_path__.join(tempPath, parsed.subPath);
-            if (!exists(subDir)) {
-                remove(tempPath);
+            if (!fs_exists(subDir)) {
+                fs_remove(tempPath);
                 throw new Error(`Subpath ${parsed.subPath} not found in repository`);
             }
             copyDir(subDir, cachePath, {
@@ -2053,7 +1943,7 @@ ${CURSOR_BRIDGE_MARKER}
         // Save commit info
         external_node_fs_.writeFileSync(__WEBPACK_EXTERNAL_MODULE_node_path__.join(cachePath, '.reskill-commit'), commit);
         // Clean up temp directory
-        remove(tempPath);
+        fs_remove(tempPath);
         return {
             path: cachePath,
             commit
@@ -2072,8 +1962,8 @@ ${CURSOR_BRIDGE_MARKER}
    */ async cacheFromHttp(url, parsed, version) {
         const cachePath = this.getSkillCachePath(parsed, version);
         // If exists, delete first
-        if (exists(cachePath)) remove(cachePath);
-        ensureDir(__WEBPACK_EXTERNAL_MODULE_node_path__.dirname(cachePath));
+        if (fs_exists(cachePath)) fs_remove(cachePath);
+        fs_ensureDir(__WEBPACK_EXTERNAL_MODULE_node_path__.dirname(cachePath));
         // Download and extract to cache path
         await downloadAndExtract(url, cachePath);
         // Generate a commit-like identifier from URL and version
@@ -2098,10 +1988,10 @@ ${CURSOR_BRIDGE_MARKER}
         const cached = await this.get(parsed, version);
         if (!cached) throw new Error(`Skill ${parsed.raw} version ${version} not found in cache`);
         // If target exists, delete first
-        if (exists(destPath)) remove(destPath);
+        if (fs_exists(destPath)) fs_remove(destPath);
         // Use same exclude rules as Installer for consistency
         copyDir(cached.path, destPath, {
-            exclude: DEFAULT_EXCLUDE_FILES
+            exclude: installer_DEFAULT_EXCLUDE_FILES
         });
     }
     /**
@@ -2109,22 +1999,22 @@ ${CURSOR_BRIDGE_MARKER}
    */ clearSkill(parsed, version) {
         if (version) {
             const cachePath = this.getSkillCachePath(parsed, version);
-            remove(cachePath);
+            fs_remove(cachePath);
         } else {
             // Clear all versions
             const skillDir = __WEBPACK_EXTERNAL_MODULE_node_path__.join(this.cacheDir, parsed.registry, parsed.owner, parsed.repo);
-            remove(skillDir);
+            fs_remove(skillDir);
         }
     }
     /**
    * Clear all cache
    */ clearAll() {
-        remove(this.cacheDir);
+        fs_remove(this.cacheDir);
     }
     /**
    * Get cache statistics
    */ getStats() {
-        if (!exists(this.cacheDir)) return {
+        if (!fs_exists(this.cacheDir)) return {
             totalSkills: 0,
             registries: []
         };
@@ -2278,7 +2168,7 @@ ${CURSOR_BRIDGE_MARKER}
     /**
    * Check if configuration file exists
    */ exists() {
-        return exists(this.configPath);
+        return fs_exists(this.configPath);
     }
     /**
    * Load configuration from file
@@ -2478,144 +2368,534 @@ ${CURSOR_BRIDGE_MARKER}
                 version = versionMatch[2];
             }
         }
-        // Find matching registry
-        const registryName = this.findRegistryForUrl(url);
-        if (!registryName) return ref;
-        const registryUrl = this.getRegistryUrl(registryName).replace(/\/$/, '');
-        // Extract the path after registry URL
-        let path = url.replace(registryUrl, '').replace(/^\//, '');
-        // Remove .git suffix if present
-        path = path.replace(/\.git$/, '');
-        if (!path) return ref;
-        return `${registryName}:${path}${version}`;
-    }
-    /**
-   * Normalize a Git SSH URL to registry format
-   */ normalizeGitSshUrl(ref) {
-        // Parse: git@host:owner/repo.git[@version] or git@host:owner/repo[@version]
-        // The .git suffix and @version are both optional
-        // Use greedy match for repoPath (.+) to ensure .git is captured as part of the path,
-        // then explicitly remove it. This avoids issues with non-greedy matching and optional groups.
-        const match = ref.match(/^git@([^:]+):(.+?)(@[^@]+)?$/);
-        if (!match) return ref;
-        const [, host, rawRepoPath, version = ''] = match;
-        // Remove .git suffix if present
-        const repoPath = rawRepoPath.replace(/\.git$/, '');
-        const testUrl = `https://${host}`;
-        // Find matching registry
-        const registryName = this.findRegistryForUrl(testUrl);
-        if (!registryName) return ref;
-        return `${registryName}:${repoPath}${version}`;
-    }
-    // ==========================================================================
-    // Skills Management
-    // ==========================================================================
-    /**
-   * Add skill to configuration
-   *
-   * Also auto-adds the registry to the registries field if it's a well-known registry.
-   */ addSkill(name, ref) {
-        if (this._noManifest) return;
-        this.ensureConfigLoaded();
-        if (this.config) {
-            this.config.skills[name] = ref;
-            // Auto-add registry if it's a well-known registry
-            const registryName = this.extractRegistryFromRef(ref);
-            if (registryName && DEFAULT_REGISTRIES[registryName]) this.addRegistry(registryName, DEFAULT_REGISTRIES[registryName]);
-            this.save();
+        // Find matching registry
+        const registryName = this.findRegistryForUrl(url);
+        if (!registryName) return ref;
+        const registryUrl = this.getRegistryUrl(registryName).replace(/\/$/, '');
+        // Extract the path after registry URL
+        let path = url.replace(registryUrl, '').replace(/^\//, '');
+        // Remove .git suffix if present
+        path = path.replace(/\.git$/, '');
+        if (!path) return ref;
+        return `${registryName}:${path}${version}`;
+    }
+    /**
+   * Normalize a Git SSH URL to registry format
+   */ normalizeGitSshUrl(ref) {
+        // Parse: git@host:owner/repo.git[@version] or git@host:owner/repo[@version]
+        // The .git suffix and @version are both optional
+        // Use greedy match for repoPath (.+) to ensure .git is captured as part of the path,
+        // then explicitly remove it. This avoids issues with non-greedy matching and optional groups.
+        const match = ref.match(/^git@([^:]+):(.+?)(@[^@]+)?$/);
+        if (!match) return ref;
+        const [, host, rawRepoPath, version = ''] = match;
+        // Remove .git suffix if present
+        const repoPath = rawRepoPath.replace(/\.git$/, '');
+        const testUrl = `https://${host}`;
+        // Find matching registry
+        const registryName = this.findRegistryForUrl(testUrl);
+        if (!registryName) return ref;
+        return `${registryName}:${repoPath}${version}`;
+    }
+    // ==========================================================================
+    // Skills Management
+    // ==========================================================================
+    /**
+   * Add skill to configuration
+   *
+   * Also auto-adds the registry to the registries field if it's a well-known registry.
+   */ addSkill(name, ref) {
+        if (this._noManifest) return;
+        this.ensureConfigLoaded();
+        if (this.config) {
+            this.config.skills[name] = ref;
+            // Auto-add registry if it's a well-known registry
+            const registryName = this.extractRegistryFromRef(ref);
+            if (registryName && DEFAULT_REGISTRIES[registryName]) this.addRegistry(registryName, DEFAULT_REGISTRIES[registryName]);
+            this.save();
+        }
+    }
+    /**
+   * Add registry to configuration
+   *
+   * Only adds if the registry doesn't already exist.
+   * Note: This method requires config to be loaded first via load() or create().
+   * If config is not loaded, this method is a no-op (silent return) since it's
+   * typically called as a side effect of addSkill() which handles config loading.
+   *
+   * @param name - Registry name (e.g., 'github', 'gitlab', 'internal')
+   * @param url - Registry URL (e.g., 'https://github.com')
+   */ addRegistry(name, url) {
+        if (this._noManifest) return;
+        if (!this.config) // Config not loaded - this is expected when called before load()/create()
+        // Callers like addSkill() ensure config is loaded before calling this
+        return;
+        if (!this.config.registries) this.config.registries = {};
+        // Don't overwrite existing registries
+        if (!this.config.registries[name]) this.config.registries[name] = url;
+    }
+    /**
+   * Extract registry name from a skill reference
+   *
+   * @example
+   * extractRegistryFromRef('github:user/repo@v1.0.0') // 'github'
+   * extractRegistryFromRef('gitlab:user/repo') // 'gitlab'
+   * extractRegistryFromRef('https://github.com/user/repo') // undefined
+   */ extractRegistryFromRef(ref) {
+        // Check for registry format: registry:path[@version]
+        const match = ref.match(/^([a-zA-Z][a-zA-Z0-9-]*):(.+)$/);
+        if (match) {
+            const registryName = match[1];
+            // Exclude URL protocols (http, https, git, ssh)
+            if (![
+                'http',
+                'https',
+                'git',
+                'ssh'
+            ].includes(registryName.toLowerCase())) return registryName;
+        }
+    }
+    /**
+   * Remove skill from configuration
+   *
+   * @returns true if skill was removed, false if it didn't exist
+   */ removeSkill(name) {
+        if (this._noManifest) return false;
+        this.ensureConfigLoaded();
+        if (this.config?.skills[name]) {
+            delete this.config.skills[name];
+            this.save();
+            return true;
+        }
+        return false;
+    }
+    /**
+   * Get all skills as a shallow copy
+   */ getSkills() {
+        if (!this.config) {
+            if (!this.exists()) return {};
+            this.load();
+        }
+        return {
+            ...this.config?.skills
+        };
+    }
+    /**
+   * Check if skill exists in configuration
+   */ hasSkill(name) {
+        const skills = this.getSkills();
+        return name in skills;
+    }
+    /**
+   * Get skill reference by name
+   */ getSkillRef(name) {
+        const skills = this.getSkills();
+        return skills[name];
+    }
+    // ==========================================================================
+    // Private Helpers
+    // ==========================================================================
+    /**
+   * Get loaded config or default (does not throw)
+   */ getConfigOrDefault() {
+        if (this.config) return this.config;
+        if (this.exists()) return this.load();
+        return DEFAULT_SKILLS_JSON;
+    }
+    /**
+   * Ensure config is loaded into memory
+   */ ensureConfigLoaded() {
+        if (!this.config) this.load();
+    }
+}
+/**
+ * ContentScanner - Detect malicious patterns in SKILL.md content
+ *
+ * Features:
+ * - Context-aware: skips safe zones (frontmatter, code blocks, quotes, blockquotes)
+ * - 6 built-in detection rules across 3 risk levels
+ * - Configurable: override levels, disable rules, add custom rules
+ * - Pure string operations in scan() — no fs dependency, suitable for server use
+ * - scanFile() convenience method for CLI use
+ */ // ============================================================================
+// Safe Zone Masking
+// ============================================================================
+/**
+ * Mask safe zones in Markdown content with spaces, preserving line structure.
+ *
+ * Safe zones (content replaced with spaces):
+ * - YAML frontmatter (`---` ... `---` at file start)
+ * - Fenced code blocks (``` or ~~~)
+ * - Indented code blocks (4 spaces / tab after blank line)
+ * - Blockquotes (`> ` prefix)
+ * - Inline code (`` `...` ``)
+ * - Double-quoted text (`"..."`, min 3 chars between quotes)
+ *
+ * Line breaks are preserved so line numbers remain correct.
+ */ function maskSafeZones(content) {
+    const lines = content.split('\n');
+    const result = [];
+    let inFrontmatter = false;
+    let inFencedCode = false;
+    let fenceChar = '';
+    let fenceLength = 0;
+    let prevLineBlank = false;
+    let prevLineIndentedCode = false;
+    for(let i = 0; i < lines.length; i++){
+        const line = lines[i];
+        // --- YAML Frontmatter (only at file start) ---
+        if (0 === i && '---' === line.trim()) {
+            inFrontmatter = true;
+            result.push(maskLine(line));
+            continue;
+        }
+        if (inFrontmatter) {
+            result.push(maskLine(line));
+            if ('---' === line.trim()) inFrontmatter = false;
+            continue;
+        }
+        // --- Fenced code blocks (``` or ~~~) ---
+        const fenceMatch = line.match(/^(`{3,}|~{3,})/);
+        if (!inFencedCode && fenceMatch) {
+            inFencedCode = true;
+            fenceChar = fenceMatch[1][0];
+            fenceLength = fenceMatch[1].length;
+            result.push(maskLine(line));
+            prevLineBlank = false;
+            prevLineIndentedCode = false;
+            continue;
+        }
+        if (inFencedCode) {
+            result.push(maskLine(line));
+            const closeMatch = line.match(/^(`{3,}|~{3,})\s*$/);
+            if (closeMatch && closeMatch[1][0] === fenceChar && closeMatch[1].length >= fenceLength) inFencedCode = false;
+            prevLineBlank = false;
+            prevLineIndentedCode = false;
+            continue;
+        }
+        // --- Blockquote ---
+        if (/^>\s?/.test(line)) {
+            result.push(maskLine(line));
+            prevLineBlank = false;
+            prevLineIndentedCode = false;
+            continue;
+        }
+        // --- Indented code block (4 spaces or tab, after blank line) ---
+        if (/^(?:    |\t)/.test(line) && (prevLineBlank || prevLineIndentedCode)) {
+            result.push(maskLine(line));
+            prevLineBlank = false;
+            prevLineIndentedCode = true;
+            continue;
+        }
+        // --- Normal line: mask inline code and double-quoted text ---
+        result.push(maskInline(line));
+        prevLineBlank = '' === line.trim();
+        prevLineIndentedCode = false;
+    }
+    return result.join('\n');
+}
+/** Replace all characters in a line with spaces (preserving length) */ function maskLine(line) {
+    return ' '.repeat(line.length);
+}
+/**
+ * Mask inline code (`` `...` ``) and double-quoted text (`"..."`) within a line.
+ * Uses regex replacement for efficiency (avoids char-by-char concatenation on long lines).
+ * Single quotes are NOT masked to avoid false matches with apostrophes.
+ */ function maskInline(line) {
+    let result = line;
+    // Inline code: `...`
+    result = result.replace(/`[^`]+`/g, (m)=>' '.repeat(m.length));
+    // Double-quoted text: "..." (min 3 chars between quotes)
+    result = result.replace(/"[^"]{3,}"/g, (m)=>' '.repeat(m.length));
+    return result;
+}
+// ============================================================================
+// Rule Helpers
+// ============================================================================
+/** Find lines matching any of the given patterns, return one match per line */ function findLineMatches(content, patterns) {
+    const lines = content.split('\n');
+    const matches = [];
+    for(let i = 0; i < lines.length; i++)for (const pattern of patterns)if (pattern.test(lines[i])) {
+        matches.push({
+            line: i + 1
+        });
+        break;
+    }
+    return matches;
+}
+// ============================================================================
+// Default Rules
+// ============================================================================
+const SNIPPET_MAX_LENGTH = 120;
+/** Built-in detection rules */ const DEFAULT_RULES = [
+    // Rule 1: Prompt Injection (high)
+    {
+        id: 'prompt-injection',
+        level: 'high',
+        message: 'Detected prompt injection attempt',
+        skipSafeZones: true,
+        check: (content)=>findLineMatches(content, [
+                // English patterns
+                /ignore\s+(all\s+)?previous\s+instructions/i,
+                /disregard\s+(all\s+)?(prior|previous|above)\s+(instructions|rules|context)/i,
+                /you\s+are\s+now\s+(?:(?:a|an)\s+)?(?:(?:\w+\s+){0,3}(?:agent|ai|assistant|bot|model|character|persona|entity|system)|DAN\b|jailbr\w*|unrestricted|unfiltered|free\s+from)/i,
+                /from\s+now\s+on[,\s]+you\s+are/i,
+                /new\s+system\s+prompt/i,
+                /override\s+(your|the)\s+(system|safety|security)\s+(prompt|rules|instructions)/i,
+                /forget\s+(?:all\s+)?(?:your\s+)?(?:previous\s+|prior\s+)?(?:instructions|rules|constraints)/i,
+                /(?:you\s+are|you're)\s+(?:now\s+)?entering\s+(?:a\s+)?new\s+(?:mode|context|session)/i,
+                // Chinese patterns (中文提示词注入)
+                /[忽无][略视]\s*(所有\s*)?(之前的?|先前的?|以前的?)?\s*(指令|指示|规则|约束|限制)/,
+                /你现在是/,
+                /从现在开始.{0,10}你是/,
+                /新的系统提示词/,
+                /[覆改]写?\s*(你的|系统)\s*(提示词|规则|指令|安全)/,
+                /忘记\s*(所有\s*)?(之前的?|先前的?)?\s*(指令|指示|规则|约束)/,
+                /进入.{0,5}新的?\s*(模式|上下文|会话)/,
+                /不要遵守.{0,10}(安全|限制|规则|约束)/,
+                /解除.{0,5}(限制|约束|安全)/,
+                /无限制模式/,
+                /安全模式已关闭/
+            ])
+    },
+    // Rule 2: Data Exfiltration (high)
+    {
+        id: 'data-exfiltration',
+        level: 'high',
+        message: 'Detected potential data exfiltration command',
+        skipSafeZones: true,
+        check: (content)=>{
+            const lines = content.split('\n');
+            const matches = [];
+            const commandPattern = /\b(curl|wget|fetch|http\.post|requests\.post|nc\b|ncat|netcat)\b/i;
+            const sensitivePattern = /(\$[A-Z_]*(?:KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL|AUTH)[A-Z_]*|\$ENV\b|\$\{[^}]*(?:KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL)[^}]*\})/i;
+            for(let i = 0; i < lines.length; i++)if (commandPattern.test(lines[i]) && sensitivePattern.test(lines[i])) matches.push({
+                line: i + 1
+            });
+            return matches;
+        }
+    },
+    // Rule 3: Content Obfuscation (high) — scans ALL content including safe zones
+    //   Zero-width chars and base64 are suspicious everywhere (even inside code blocks).
+    {
+        id: 'obfuscation',
+        level: 'high',
+        message: 'Detected content obfuscation',
+        skipSafeZones: false,
+        check: (content)=>{
+            const matches = [];
+            const lines = content.split('\n');
+            // Zero-width characters (suspicious in any context)
+            const zeroWidthPattern = /[\u200B\u200C\u200D\uFEFF\u2060\u180E]/;
+            for(let i = 0; i < lines.length; i++)if (zeroWidthPattern.test(lines[i])) matches.push({
+                line: i + 1,
+                snippet: 'Zero-width Unicode characters detected'
+            });
+            // Long base64-like strings (>200 continuous chars)
+            const base64Pattern = /[A-Za-z0-9+/=]{200,}/;
+            for(let i = 0; i < lines.length; i++)if (base64Pattern.test(lines[i])) matches.push({
+                line: i + 1,
+                snippet: 'Suspicious base64-encoded block detected'
+            });
+            return matches;
+        }
+    },
+    // Rule 3b: Large HTML Comments (high) — respects safe zones (code blocks, etc.)
+    //   HTML comments inside fenced code blocks are normal code examples, not obfuscation.
+    {
+        id: 'obfuscation',
+        level: 'high',
+        message: 'Detected content obfuscation',
+        skipSafeZones: true,
+        check: (content)=>{
+            const matches = [];
+            // Large HTML comments (>200 chars of content)
+            const commentRegex = /<!--([\s\S]{200,}?)-->/g;
+            let match;
+            // biome-ignore lint/suspicious/noAssignInExpressions: standard regex exec loop
+            while(null !== (match = commentRegex.exec(content))){
+                const lineNum = content.slice(0, match.index).split('\n').length;
+                matches.push({
+                    line: lineNum,
+                    snippet: `Large HTML comment block (${match[1].length} chars)`
+                });
+            }
+            return matches;
+        }
+    },
+    // Rule 4: Sensitive File Access (medium)
+    {
+        id: 'sensitive-file-access',
+        level: 'medium',
+        message: 'References sensitive file path',
+        skipSafeZones: true,
+        check: (content)=>findLineMatches(content, [
+                /~\/\.ssh\b/,
+                /~\/\.aws\b/,
+                /~\/\.gnupg\b/,
+                /~\/\.config\/gcloud\b/,
+                /\bid_rsa\b/i,
+                /\bid_ed25519\b/i,
+                /\/etc\/passwd\b/,
+                /\/etc\/shadow\b/,
+                /\.env\b(?!\.\w)/
+            ])
+    },
+    // Rule 5: Stealth Instructions (medium) — phrase + action verb matching
+    {
+        id: 'stealth-instructions',
+        level: 'medium',
+        message: 'Detected instruction to hide actions from user',
+        skipSafeZones: true,
+        check: (content)=>{
+            const actionVerbs = 'execute|delete|remove|send|transmit|modify|overwrite|install|download|upload|run|write|create|destroy|drop';
+            const patterns = [
+                // English patterns
+                new RegExp(`silently\\s+(?:${actionVerbs})`, 'i'),
+                new RegExp(`without\\s+telling\\s+the\\s+user.{0,30}(?:${actionVerbs})`, 'i'),
+                new RegExp("(?:do\\s+not|don'?t)\\s+show\\s+.{0,40}(?:to\\s+the\\s+user|to\\s+user)", 'i'),
+                new RegExp("hide\\s+(?:this|the|these|all)\\s+.{0,30}(?:from\\s+the\\s+user|from\\s+user)", 'i'),
+                new RegExp("(?:do\\s+not|don'?t)\\s+mention\\s+.{0,30}(?:to\\s+the\\s+user|to\\s+user)", 'i'),
+                new RegExp("keep\\s+(?:this|it)\\s+(?:a\\s+)?secret\\s+from\\s+(?:the\\s+)?user", 'i'),
+                // Chinese patterns (中文隐蔽指令)
+                /悄悄地?\s*(?:执行|删除|移除|发送|传输|修改|覆盖|安装|下载|上传|运行|写入|创建|销毁|丢弃)/,
+                /不要告诉用户/,
+                /不要让用户知道/,
+                /对用户隐藏/,
+                /在用户不知情的情况下/,
+                /瞒着用户/
+            ];
+            // Safe patterns to exclude (common in legitimate DevOps/automation skills)
+            const safePatterns = [
+                /silently\s+(?:ignore|skip|fail|discard|suppress|continue|pass|drop|swallow)/i,
+                // Chinese safe patterns (中文合法自动化用语)
+                /悄悄地?\s*(?:忽略|跳过|丢弃|抑制|继续|静默)/
+            ];
+            const lines = content.split('\n');
+            const matches = [];
+            for(let i = 0; i < lines.length; i++){
+                const line = lines[i];
+                if (!safePatterns.some((p)=>p.test(line))) {
+                    for (const pattern of patterns)if (pattern.test(line)) {
+                        matches.push({
+                            line: i + 1
+                        });
+                        break;
+                    }
+                }
+            }
+            return matches;
+        }
+    },
+    // Rule 6: Oversized Content (low) — scans ALL content
+    {
+        id: 'oversized-content',
+        level: 'low',
+        message: 'Content exceeds recommended size limit',
+        skipSafeZones: false,
+        check: (content)=>{
+            const MAX_SIZE_BYTES = 51200;
+            const sizeBytes = Buffer.byteLength(content, 'utf-8');
+            if (sizeBytes > MAX_SIZE_BYTES) return [
+                {
+                    snippet: `Content size: ${(sizeBytes / 1024).toFixed(1)}KB (limit: 50KB)`
+                }
+            ];
+            return [];
         }
     }
-    /**
-   * Add registry to configuration
-   *
-   * Only adds if the registry doesn't already exist.
-   * Note: This method requires config to be loaded first via load() or create().
-   * If config is not loaded, this method is a no-op (silent return) since it's
-   * typically called as a side effect of addSkill() which handles config loading.
-   *
-   * @param name - Registry name (e.g., 'github', 'gitlab', 'internal')
-   * @param url - Registry URL (e.g., 'https://github.com')
-   */ addRegistry(name, url) {
-        if (this._noManifest) return;
-        if (!this.config) // Config not loaded - this is expected when called before load()/create()
-        // Callers like addSkill() ensure config is loaded before calling this
-        return;
-        if (!this.config.registries) this.config.registries = {};
-        // Don't overwrite existing registries
-        if (!this.config.registries[name]) this.config.registries[name] = url;
+];
+// ============================================================================
+// ContentScanner
+// ============================================================================
+/** Build the effective rule set from defaults + options */ function buildRuleSet(options) {
+    let rules = DEFAULT_RULES.map((r)=>({
+            ...r
+        }));
+    if (options?.disabledRules?.length) {
+        const disabled = new Set(options.disabledRules);
+        rules = rules.filter((r)=>!disabled.has(r.id));
     }
-    /**
-   * Extract registry name from a skill reference
-   *
-   * @example
-   * extractRegistryFromRef('github:user/repo@v1.0.0') // 'github'
-   * extractRegistryFromRef('gitlab:user/repo') // 'gitlab'
-   * extractRegistryFromRef('https://github.com/user/repo') // undefined
-   */ extractRegistryFromRef(ref) {
-        // Check for registry format: registry:path[@version]
-        const match = ref.match(/^([a-zA-Z][a-zA-Z0-9-]*):(.+)$/);
-        if (match) {
-            const registryName = match[1];
-            // Exclude URL protocols (http, https, git, ssh)
-            if (![
-                'http',
-                'https',
-                'git',
-                'ssh'
-            ].includes(registryName.toLowerCase())) return registryName;
-        }
+    if (options?.overrides) for (const rule of rules){
+        const override = options.overrides[rule.id];
+        if (override) rule.level = override;
     }
-    /**
-   * Remove skill from configuration
-   *
-   * @returns true if skill was removed, false if it didn't exist
-   */ removeSkill(name) {
-        if (this._noManifest) return false;
-        this.ensureConfigLoaded();
-        if (this.config?.skills[name]) {
-            delete this.config.skills[name];
-            this.save();
-            return true;
-        }
-        return false;
+    if (options?.customRules?.length) rules.push(...options.customRules);
+    return rules;
+}
+/**
+ * Content scanner for SKILL.md files.
+ *
+ * Detects prompt injection, data exfiltration, obfuscation, sensitive file
+ * access, stealth instructions, and oversized content.
+ *
+ * @example
+ * ```typescript
+ * // Default usage (CLI)
+ * const scanner = new ContentScanner();
+ * const result = scanner.scan(content);
+ *
+ * // Custom usage (private registry server)
+ * const scanner = new ContentScanner({
+ *   overrides: { 'prompt-injection': 'medium' },
+ *   disabledRules: ['stealth-instructions'],
+ * });
+ * ```
+ */ class ContentScanner {
+    rules;
+    constructor(options){
+        this.rules = buildRuleSet(options);
     }
     /**
-   * Get all skills as a shallow copy
-   */ getSkills() {
-        if (!this.config) {
-            if (!this.exists()) return {};
-            this.load();
+   * Scan content string for malicious patterns.
+   * Pure string operation — no file system access.
+   */ scan(content) {
+        const originalLines = content.split('\n');
+        const maskedContent = maskSafeZones(content);
+        const findings = [];
+        for (const rule of this.rules){
+            const targetContent = rule.skipSafeZones ? maskedContent : content;
+            const matches = rule.check(targetContent);
+            for (const match of matches){
+                // Use custom snippet if provided, otherwise generate from original content
+                const snippet = match.snippet ?? (null != match.line ? originalLines[match.line - 1]?.trim().slice(0, SNIPPET_MAX_LENGTH) : void 0);
+                findings.push({
+                    rule: rule.id,
+                    level: rule.level,
+                    message: rule.message,
+                    line: match.line,
+                    snippet
+                });
+            }
         }
+        const hasHighRisk = findings.some((f)=>'high' === f.level);
         return {
-            ...this.config?.skills
+            passed: !hasHighRisk,
+            findings
         };
     }
     /**
-   * Check if skill exists in configuration
-   */ hasSkill(name) {
-        const skills = this.getSkills();
-        return name in skills;
-    }
-    /**
-   * Get skill reference by name
-   */ getSkillRef(name) {
-        const skills = this.getSkills();
-        return skills[name];
-    }
-    // ==========================================================================
-    // Private Helpers
-    // ==========================================================================
-    /**
-   * Get loaded config or default (does not throw)
-   */ getConfigOrDefault() {
-        if (this.config) return this.config;
-        if (this.exists()) return this.load();
-        return DEFAULT_SKILLS_JSON;
+   * Scan a file for malicious patterns.
+   * Convenience wrapper that reads the file then calls scan().
+   */ scanFile(filePath) {
+        if (!external_node_fs_.existsSync(filePath)) throw new Error(`File not found: ${filePath}`);
+        const content = external_node_fs_.readFileSync(filePath, 'utf-8');
+        return this.scan(content);
     }
-    /**
-   * Ensure config is loaded into memory
-   */ ensureConfigLoaded() {
-        if (!this.config) this.load();
+}
+// ============================================================================
+// ContentScanError
+// ============================================================================
+/**
+ * Error thrown when content scanning detects high-risk findings.
+ * Carries the full findings array for display purposes.
+ */ class ContentScanError extends Error {
+    findings;
+    constructor(findings){
+        const highCount = findings.filter((f)=>'high' === f.level).length;
+        super(`Content security scan failed: ${highCount} high-risk finding(s) detected`);
+        this.name = 'ContentScanError';
+        this.findings = findings;
     }
 }
 /**
@@ -3200,7 +3480,7 @@ ${CURSOR_BRIDGE_MARKER}
     /**
    * Check if lock file exists
    */ exists() {
-        return exists(this.lockPath);
+        return fs_exists(this.lockPath);
     }
     /**
    * Load lock file
@@ -4449,11 +4729,11 @@ class RegistryResolver {
    */ getSkillPath(name) {
         // Check canonical location first (.agents/skills/)
         const canonicalPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(this.getCanonicalSkillsDir(), name);
-        if (exists(canonicalPath)) return canonicalPath;
+        if (fs_exists(canonicalPath)) return canonicalPath;
         // Check configured installation directory (.skills/ or custom)
         const installDir = this.getInstallDir();
         const installPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(installDir, name);
-        if (exists(installPath)) return installPath;
+        if (fs_exists(installPath)) return installPath;
         // Default to configured installation directory for new installations
         // if it's not the default .skills, otherwise use canonical location.
         // This respects "installDir" in skills.json.
@@ -4533,7 +4813,7 @@ class RegistryResolver {
         const semanticVersion = metadata?.version ?? gitRef;
         const skillPath = this.getSkillPath(skillName);
         // Check if already installed (using the real name from SKILL.md)
-        if (exists(skillPath) && !force) {
+        if (fs_exists(skillPath) && !force) {
             const locked = this.lockManager.get(skillName);
             // Compare ref if available, fallback to version for backward compatibility
             const lockedRef = locked?.ref || locked?.version;
@@ -4550,10 +4830,10 @@ class RegistryResolver {
         }
         logger_logger["package"](`Installing ${skillName}@${gitRef}...`);
         // Copy to installation directory
-        ensureDir(this.getInstallDir());
-        if (exists(skillPath)) remove(skillPath);
+        fs_ensureDir(this.getInstallDir());
+        if (fs_exists(skillPath)) fs_remove(skillPath);
         copyDir(sourcePath, skillPath, {
-            exclude: DEFAULT_EXCLUDE_FILES
+            exclude: installer_DEFAULT_EXCLUDE_FILES
         });
         // Update lock file (project mode only)
         if (!this.isGlobal) this.lockManager.lockSkill(skillName, {
@@ -4600,7 +4880,7 @@ class RegistryResolver {
         const semanticVersion = metadata?.version ?? version;
         const skillPath = this.getSkillPath(skillName);
         // Check if already installed (using the real name from SKILL.md)
-        if (exists(skillPath) && !force) {
+        if (fs_exists(skillPath) && !force) {
             const locked = this.lockManager.get(skillName);
             const lockedRef = locked?.ref || locked?.version;
             if (locked && lockedRef === version) {
@@ -4616,8 +4896,8 @@ class RegistryResolver {
         }
         logger_logger["package"](`Installing ${skillName}@${version} from ${httpInfo.host}...`);
         // Copy to installation directory
-        ensureDir(this.getInstallDir());
-        if (exists(skillPath)) remove(skillPath);
+        fs_ensureDir(this.getInstallDir());
+        if (fs_exists(skillPath)) fs_remove(skillPath);
         await this.cache.copyTo(parsed, version, skillPath);
         // Update lock file (project mode only)
         if (!this.isGlobal) this.lockManager.lockSkill(skillName, {
@@ -4662,13 +4942,13 @@ class RegistryResolver {
    * Uninstall skill
    */ uninstall(name) {
         const skillPath = this.getSkillPath(name);
-        if (!exists(skillPath)) {
+        if (!fs_exists(skillPath)) {
             const location = this.isGlobal ? '(global)' : '';
             logger_logger.warn(`Skill ${name} is not installed ${location}`.trim());
             return false;
         }
         // Remove installation directory
-        remove(skillPath);
+        fs_remove(skillPath);
         // Remove from lock file (project mode only)
         if (!this.isGlobal) this.lockManager.remove(name);
         // Remove from skills.json (project mode only)
@@ -4833,7 +5113,7 @@ class RegistryResolver {
         const seenNames = new Set();
         // Check canonical location first (.agents/skills/)
         const canonicalDir = this.getCanonicalSkillsDir();
-        if (exists(canonicalDir)) for (const name of listDir(canonicalDir)){
+        if (fs_exists(canonicalDir)) for (const name of listDir(canonicalDir)){
             const skillPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(canonicalDir, name);
             if (!isDirectory(skillPath)) continue;
             const skill = this.getInstalledSkillFromPath(name, skillPath);
@@ -4844,7 +5124,7 @@ class RegistryResolver {
         }
         // Check legacy location (.skills/)
         const legacyDir = this.getInstallDir();
-        if (exists(legacyDir) && legacyDir !== canonicalDir) for (const name of listDir(legacyDir)){
+        if (fs_exists(legacyDir) && legacyDir !== canonicalDir) for (const name of listDir(legacyDir)){
             // Skip if already found in canonical location
             if (seenNames.has(name)) continue;
             const skillPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(legacyDir, name);
@@ -4874,18 +5154,26 @@ class RegistryResolver {
         const canonicalDir = this.getCanonicalSkillsDir();
         const installed = [];
         for (const [type, config] of Object.entries(agents)){
+            if (type === CLAUDE_COWORK_3P_AGENT) {
+                try {
+                    if (fs_exists(getClaude3pSkillPath(skillName))) installed.push(type);
+                } catch  {
+                // Claude Cowork 3P keeps skills under an app-managed account directory.
+                }
+                continue;
+            }
             const agentBase = this.isGlobal ? config.globalSkillsDir : __WEBPACK_EXTERNAL_MODULE_node_path__.join(this.projectRoot, config.skillsDir);
             // Skip agents whose skillsDir is the canonical directory itself
             if (__WEBPACK_EXTERNAL_MODULE_node_path__.resolve(agentBase) === __WEBPACK_EXTERNAL_MODULE_node_path__.resolve(canonicalDir)) continue;
             const agentSkillDir = __WEBPACK_EXTERNAL_MODULE_node_path__.join(agentBase, skillName);
-            if (exists(agentSkillDir)) installed.push(type);
+            if (fs_exists(agentSkillDir)) installed.push(type);
         }
         return installed;
     }
     /**
    * Get installed skill information from a specific path
    */ getInstalledSkillFromPath(name, skillPath) {
-        if (!exists(skillPath)) return null;
+        if (!fs_exists(skillPath)) return null;
         const isLinked = isSymlink(skillPath);
         const locked = this.lockManager.get(name);
         // Read metadata from SKILL.md (sole source per agentskills.io spec)
@@ -4908,10 +5196,10 @@ class RegistryResolver {
    */ getInstalledSkill(name) {
         // Check canonical location first (.agents/skills/)
         const canonicalPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(this.getCanonicalSkillsDir(), name);
-        if (exists(canonicalPath)) return this.getInstalledSkillFromPath(name, canonicalPath);
+        if (fs_exists(canonicalPath)) return this.getInstalledSkillFromPath(name, canonicalPath);
         // Check legacy location (.skills/)
         const legacyPath = __WEBPACK_EXTERNAL_MODULE_node_path__.join(this.getInstallDir(), name);
-        if (exists(legacyPath)) return this.getInstalledSkillFromPath(name, legacyPath);
+        if (fs_exists(legacyPath)) return this.getInstalledSkillFromPath(name, legacyPath);
         return null;
     }
     /**
@@ -5322,7 +5610,7 @@ class RegistryResolver {
         const { shortName, version, registryUrl: resolvedRegistryUrl, tarball, parsed: resolvedParsed } = resolved;
         // 2. Check if already installed (skip if --force)
         const skillPath = this.getSkillPath(shortName);
-        if (exists(skillPath) && !force) {
+        if (fs_exists(skillPath) && !force) {
             const locked = this.lockManager.get(shortName);
             const lockedVersion = locked?.version;
             // Same version already installed
@@ -5359,8 +5647,8 @@ class RegistryResolver {
         logger_logger["package"](`Installing ${shortName}@${version} from ${resolvedRegistryUrl} to ${targetAgents.length} agent(s)...`);
         // 3. Create temp directory for extraction (clean stale files first)
         const tempDir = __WEBPACK_EXTERNAL_MODULE_node_path__.join(this.cache.getCacheDir(), 'registry-temp', `${shortName}-${version}`);
-        await remove(tempDir);
-        await ensureDir(tempDir);
+        await fs_remove(tempDir);
+        await fs_ensureDir(tempDir);
         try {
             // 4. Extract tarball
             const extractedPath = await this.registryResolver.extract(tarball, tempDir);
@@ -5417,7 +5705,7 @@ class RegistryResolver {
             };
         } finally{
             // Clean up temp directory after installation
-            await remove(tempDir);
+            await fs_remove(tempDir);
         }
     }
     // ============================================================================
@@ -5536,8 +5824,8 @@ class RegistryResolver {
         logger_logger["package"](`Installing ${shortName} from ${registryUrl} to ${targetAgents.length} agent(s)...`);
         // Extract tarball to temp directory (clean stale files first)
         const tempDir = __WEBPACK_EXTERNAL_MODULE_node_path__.join(this.cache.getCacheDir(), 'registry-temp', `${shortName}-${version}`);
-        await remove(tempDir);
-        await ensureDir(tempDir);
+        await fs_remove(tempDir);
+        await fs_ensureDir(tempDir);
         try {
             const extractedPath = await this.registryResolver.extract(tarball, tempDir);
             logger_logger.debug(`Extracted to ${extractedPath}`);
@@ -5588,7 +5876,7 @@ class RegistryResolver {
             };
         } finally{
             // Clean up temp directory after installation
-            await remove(tempDir);
+            await fs_remove(tempDir);
         }
     }
     /**
@@ -5648,4 +5936,4 @@ class RegistryResolver {
         return results;
     }
 }
-export { CacheManager, config_loader_ConfigLoader as ConfigLoader, ContentScanError, ContentScanner, DEFAULT_REGISTRIES, DEFAULT_RULES, GitResolver, HttpResolver, Installer, LockManager, SkillManager, SkillValidationError, agents, detectInstalledAgents, generateSkillMd, getAgentConfig, getAgentSkillsDir, getAllAgentTypes, getCanonicalSkillPath, getCanonicalSkillsDir, hasValidSkillMd, isPathSafe, isValidAgentType, logger_logger as logger, maskSafeZones, parseSkillFromDir, parseSkillMd, skill_parser_parseSkillMdFile as parseSkillMdFile, sanitizeName, shortenPath, validateSkillDescription, validateSkillName };
+export { CacheManager, config_loader_ConfigLoader as ConfigLoader, ContentScanError, ContentScanner, DEFAULT_REGISTRIES, DEFAULT_RULES, GitResolver, HttpResolver, Installer, LockManager, SkillManager, SkillValidationError, agents, detectInstalledAgents, generateSkillMd, getAgentConfig, getAgentSkillsDir, getAllAgentTypes, getCanonicalSkillPath, getCanonicalSkillsDir, hasValidSkillMd, fs_isPathSafe as isPathSafe, isValidAgentType, logger_logger as logger, maskSafeZones, parseSkillFromDir, parseSkillMd, skill_parser_parseSkillMdFile as parseSkillMdFile, sanitizeName, shortenPath, validateSkillDescription, validateSkillName };