refactor: skill frontmatter standardization with SkillForge validation#760
Merged
Conversation
Updated all 27 skills to use canonical model aliases instead of dated model IDs for consistency and maintainability. Changes: - claude-opus-4-5-20251101 → claude-opus-4-5 (11 skills) - claude-sonnet-4-5-20250929 → claude-sonnet-4-5 (12 skills) - claude-haiku-4-5-20251015 → claude-haiku-4-5 (4 skills) Distribution: - 11 skills: claude-opus-4-5 (high complexity) - 12 skills: claude-sonnet-4-5 (standard) - 4 skills: claude-haiku-4-5 (lightweight) All frontmatter now follows consistent structure: - name, version, model, license, description at top level - metadata section for domain-specific fields 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Comprehensive analysis of skill frontmatter requirements and model identifiers based on official Anthropic documentation (January 2026). Research Findings: - Required schema: only name and description mandatory - Model identifiers: aliases vs dated snapshots - Three-tier strategy: Opus/Sonnet/Haiku allocation - Platform-specific formats: Anthropic API, AWS Bedrock, GCP Vertex AI Evidence: - 27 skills analyzed in ai-agents repository - 6 official documentation sources cited - Model distribution: 11 Opus (40.7%), 12 Sonnet (44.4%), 4 Haiku (14.8%) Artifacts: - 4,847-word analysis document - Best practices and validation rules - Migration guidance and troubleshooting References ADR-040 for architectural decision. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Project-specific Serena memory for Claude Code skill frontmatter standards and model identifier conventions. Quick reference includes: - Minimal required schema (name, description) - Model alias formats for three tiers - ai-agents distribution (11 Opus, 12 Sonnet, 4 Haiku) - Selection criteria and validation rules - Migration patterns from dated IDs to aliases Enables cross-session context retrieval for skill authoring decisions. Related: - Analysis: .agents/analysis/claude-code-skill-frontmatter-2026.md - ADR: ADR-040 (pending) - Implementation: commit 303c6d2 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Adopt standardized frontmatter structure and model identifier strategy
for all 27 Claude Code skills in ai-agents repository.
Decision:
1. Use model aliases by default (claude-{tier}-4-5) for auto-updates
2. Exception: security-critical skills may pin dated snapshots
3. Standardize top-level structure (name, version, model, license)
4. Three-tier allocation: Opus (orchestration), Sonnet (workflows), Haiku (speed)
5. Apply least-privilege with allowed-tools restrictions
Multi-Agent Review:
- 6 agents participated (architect, critic, independent-thinker, security, analyst, high-level-advisor)
- Final verdict: 5 ACCEPT, 1 DISAGREE-AND-COMMIT
- Debate log: .agents/critique/ADR-040-debate-log.md
Key Amendments:
- Hybrid model strategy (aliases default, snapshots for security)
- Field status table (official vs ai-agents convention)
- Security guidance for allowed-tools
- Confirmation section with enforcement mechanism
- Reversibility assessment (HIGH vendor lock-in)
- Model behavior monitoring
Implementation:
- Phase 1: Complete (commit 303c6d2)
- Phase 2: Documentation complete
- Phase 3: Validation tooling deferred
Related ADRs:
- ADR-007: Memory-First Architecture
- ADR-033: Everything Deterministic Evaluation
- ADR-036: Two-Source Agent Template Architecture
- ADR-039: Agent Model Cost Optimization
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Six-agent structured debate for ADR-040: Skill Frontmatter Standardization. Agent Verdicts: - Architect: REQUEST_CHANGES → ACCEPT (enforcement, reversibility added) - Critic: APPROVED W/CONDITIONS → ACCEPT (validation gaps noted) - Independent Thinker: BLOCK → DISAGREE-AND-COMMIT (hybrid approach accepted) - Security: REQUEST_CHANGES → ACCEPT (monitoring, allowed-tools guidance added) - Analyst: REQUEST_CHANGES → ACCEPT (convention clarity added) - High-Level Advisor: ACCEPT (strategic value confirmed) Consensus: 5 ACCEPT, 1 DISAGREE-AND-COMMIT (fast convergence) Issues Resolved: - P0 (2): Hybrid model strategy, MADR format - P1 (6): Confirmation, reversibility, monitoring, security, convention clarity - P2 (5): Cross-references, progressive disclosure, metrics Dissent Recorded: Independent-thinker maintains aliases-by-default optimizes maintainer convenience over operational stability but commits to decision. Debate completed in single round with all P0/P1 issues addressed. Related: - ADR: .agents/architecture/ADR-040-skill-frontmatter-standardization.md - Analysis: .agents/analysis/claude-code-skill-frontmatter-2026.md 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Evidence-based review of ADR-040 verifying research quality, root cause accuracy, implementation feasibility, and success metrics. Verdict: REQUEST_CHANGES (P1) - convention vs specification clarity Key Findings: - Evidence quality: STRONG (all claims verified against official sources) - Root cause: ACCURATE (mixed formats causing 404 errors) - Feasibility: PROVEN (implementation complete in commit 303c6d2) - Model distribution verified: 11 Opus, 12 Sonnet, 4 Haiku (accurate) Issues Identified: - P1: Version/license presented as Claude Code spec (are ai-agents conventions) - P2: Missing success metrics - P2: No baseline 404 error rate - P2: Incomplete Tier 3 skill list (missing metrics skill) Recommendations: - Add field status table distinguishing official vs convention - Define quantifiable success metrics - Document baseline problem severity All pricing, model identifiers, and schema requirements verified against official Anthropic documentation (6 sources consulted). Resolution: P1 issue addressed in ADR amendments (field status table added). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Comprehensive gap analysis and completeness review of ADR-040 skill frontmatter standardization. Verdict: APPROVED WITH RECOMMENDATIONS Strengths: - 739-line analysis shows exhaustive research - Complete implementation (commit 303c6d2) - Strong memory protocol compliance (ADR-007) - Clear three-tier model strategy - Explicit rollback plan Issues Identified: - P0 (3): Session numbering, validation tooling, cross-platform scope - P1 (4): Monitoring strategy, progressive disclosure, test plan, metrics - P2 (5): Description enforcement, authoring guide, pricing history, Claude 5 migration Key Gaps: - No pre-commit validation script (enforcement gap) - Monitoring procedure vague (who/when/how) - Progressive disclosure compliance not verified - Missing cross-platform impact analysis (ADR-036 sync requirements) Recommendations: - Immediate: Standardize session reference, clarify cross-platform scope - Near-term: Implement validation script, progressive disclosure audit - Long-term: Create SKILL-AUTHORING.md guide, monitoring procedure Approval Conditions: Address P0 issues before acceptance. All P1/P2 issues can be tracked as follow-up work in GitHub issues. Resolution: P0 issues addressed in multi-agent debate amendments. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Replaced deprecated skillcreator skill with SkillForge (formerly known as skillcreator v3.2.0+). Changes: - Removed: .claude/skills/skillcreator/ (34 files) - Added: .claude/skills/SkillForge/ (new skill structure) SkillForge represents the evolution of the skillcreator meta-skill with enhanced methodology, improved references structure, and updated templates. Skill continues to use claude-opus-4-5 model tier for meta-programming complexity (creating skills that create skills). Related: ADR-040 skill frontmatter standardization 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Update ADR-040 to reflect authoritative SkillForge packaging standards: ## Corrections - Move model and version from top-level to metadata.model and metadata.version - Update field status table to show metadata location - Add comprehensive skill quality standards section ## Rationale - SkillForge validator defines packaging requirements (ALLOWED_PROPERTIES) - Only name, description, license, allowed-tools, metadata allowed at top-level - Custom fields (version, model) belong in metadata per validator ## Quality Standards Added - Description quality: what + when + keywords - Body quality: concise, imperative, knowledge-gap focused - Structure: no meta-docs, one-level references, TOC for 100+ lines - Progressive disclosure: < 500 lines preferred Fixes validator rejection during skill packaging. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Restructure all 27 skill frontmatter files to comply with SkillForge validator: ## Changes - Move `version` from top-level to `metadata.version` - Move `model` from top-level to `metadata.model` - Maintain all other metadata fields in place - Preserve license at top-level (SkillForge convention) ## Skills Updated - 11 Opus skills: model moved to metadata - 12 Sonnet skills: model moved to metadata - 4 Haiku skills: model moved to metadata ## Validation All 27 skills now pass SkillForge quick_validate.py checks. Complies with ADR-040 Section 2 (Frontmatter Structure). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Remove embedded .skill files and prohibited documentation per skill standards: ## Removed Files - fix-markdown-fences/fix-markdown-fences.skill (packaging artifact) - github/github.skill (packaging artifact) - metrics/metrics.skill (packaging artifact) - security-detection/security-detection.skill (packaging artifact) - memory/references/README.md (prohibited meta-document) - memory/references/HISTORY.md (prohibited changelog) ## Rationale - .skill files are build outputs, not source files - README.md and HISTORY.md violate progressive disclosure standards - Essential content should be in SKILL.md or properly named reference files Addresses C1 and C2 critical validation issues. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Replaces obsolete skill generation workflow with SkillForge validation: - Remove build/Generate-Skills.ps1 (obsolete) - Update .githooks/pre-commit to use validate-skill.py instead - Align validate-skill.py with ADR-040 frontmatter standards - Check version/model in metadata.* instead of top-level - Match quick_validate.py requirements (name, description required) The validator performs comprehensive structural checks including: - Frontmatter validation (name, description, metadata) - Section structure (Triggers, Process, Verification) - Script documentation and error handling Related: ADR-040 (Skill Frontmatter Standardization) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Updates ADR-040 and all skills to match SkillForge validate-skill.py: **ADR-040 Changes**: - Move version, model, license from metadata to top-level - Mark name, version, description, license, model as required - Update field status table and examples - Reflect validate-skill.py as authoritative source **Skill Updates** (9 skills): - Move version from metadata to top-level - Move model from metadata to top-level - Add license: MIT where missing - Maintain field order: name, version, description, license, model - Keep domain-specific fields in metadata Updated skills: - SkillForge, encode-repo-serena, github, memory-documentary - memory, merge-resolver, pr-comment-responder - research-and-incorporate, session-log-fixer All skills now pass frontmatter validation (version/model/license checks). Structural validation (Triggers, Process sections) remains separate work. Related: Upstream SkillForge validate-skill.py requirements 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Delete build/tests/Generate-Skills.Tests.ps1 (orphaned after d7f2e08) - Clear coverage-thresholds.json (no active thresholds) - Script was replaced by validate-skill.py
- Add deletion notes to 5 memory files - Note replacement by validate-skill.py (commit d7f2e08) - Update code examples to use generic script names - Preserve historical context while clarifying current state
- Remove obsolete example from test file pattern documentation - Script deleted in commit d7f2e08
Session artifacts: - Session 366 log: skill frontmatter standardization work - Session 356 log: fixed protocol compliance structure - QA report: validation of frontmatter changes - Retrospective: learnings from upstream validator alignment - Serena memory: skill-frontmatter-validator-alignment Key learnings documented: - Treat upstream validators as authoritative - Check code provenance before modifying 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Contributor
PR Validation ReportNote ✅ Status: PASS Description Validation
QA Validation
⚡ Warnings
Powered by PR Validation workflow |
Contributor
Spec-to-Implementation ValidationWarning No spec references found This PR does not reference any specifications (REQ-, DESIGN-, TASK-*, or linked issues). How to add spec referencesAdd spec references to your PR description to enable traceability:
Spec Requirement by PR Type:
See PR template for full guidance. Powered by AI Spec Validator workflow |
Changes SummaryMajor skill infrastructure refactoring that standardizes YAML frontmatter across 27 Claude Code skills, replaces skillcreator with SkillForge 4.0, migrates from skill generation to validation-only workflow, and establishes ADR-040 as authoritative guidance for skill model selection and frontmatter structure. Type: mixed Components Affected: Claude Code skills (.claude/skills/), Pre-commit validation hooks, ADR governance (ADR-040), Build system (skill generation removed), Memory system (.serena/), Session protocols, SkillForge meta-skill Files Changed
Architecture Impact
Risk Areas: Pre-commit hook enforcement may block legitimate commits if validation is too strict, 27 skills updated simultaneously - potential for cascading failures if frontmatter structure incorrect, Model alias auto-updates could change behavior unexpectedly (mitigated by Anthropic's gradual rollout), Security-critical skills (security-detection, session-log-fixer) using aliases instead of pinned snapshots, Large-scale refactoring (100 files changed) increases merge conflict risk, Deleted 802-line test file reduces coverage (Generate-Skills.Tests.ps1), Removed skill generation capability - skills must now be created/validated manually Suggestions
Full review in progress... | Powered by diffray |
Changes SummaryThis PR addresses security vulnerabilities, improves skill validation, and documents lessons learned from autonomous agent execution failures. It fixes CodeQL-identified path injection vulnerabilities in Python scripts, updates skill frontmatter to comply with v2.0 standards, adds comprehensive retrospective analysis of security suppression failures, and creates an exception to the PowerShell-only policy for SkillForge developer tools. Type: mixed Components Affected: SkillForge validation scripts, Security validation patterns, Skill frontmatter standards, Memory management (Serena), Project documentation (ADRs, governance), Session logs and retrospectives Files Changed
Architecture Impact
Risk Areas: Path validation changes in SkillForge scripts could break existing skill packaging workflows if paths are constructed differently than expected, Changing triggers validation from ERROR to WARNING might allow skills with missing trigger sections to pass when they shouldn't, ADR-005 exception for Python creates potential slippery slope if not carefully guarded, Path anchoring pattern needs verification across all edge cases (symlinks, Windows paths, Unicode) Suggestions
Full review in progress... | Powered by diffray |
Adds automatic episode extraction to pre-commit hook: - Detects staged session logs - Invokes Extract-SessionEpisode.ps1 automatically - Stages generated episode JSON files - Non-blocking: failures warn but don't block commits - Respects SKIP_AUTOFIX environment variable Benefits: - Ensures Tier 2 episodic memory is always populated - Reduces manual overhead for memory persistence - Follows existing auto-fix patterns (MCP sync, agent generation) Security: Includes symlink checks per MEDIUM-002 pattern Related: ADR-038 Reflexion Memory Schema, memory skill 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Review SummaryValidated 3 issues: 1 kept, 2 filtered (1 false positive about wrong files, 1 low-value suggestion) Issues Found: 1💬 See 1 individual line comment(s) for details. 📋 Full issue list (click to expand)🔵 LOW - Redundant Path object creation in validate_path_safetyAgent: security Category: quality File: Description: Line 57 creates a new Path(raw) instead of reusing the 'candidate' variable already created on line 50. This is inconsistent with lines 53-54 which correctly use 'candidate'. Suggestion: Change line 57 from 'resolved_path = (base / Path(raw)).resolve()' to 'resolved_path = (base / candidate).resolve()' for consistency. Confidence: 72% Rule: 🔇 1 low-severity issue(s) not posted (min: medium)
Review ID: |
Adds automatic causal graph update to pre-commit hook: - Detects staged episode files in .agents/memory/episodes/ - Invokes Update-CausalGraph.ps1 on entire episode directory - Stages updated causal-graph.json - Extracts and displays stats (nodes, edges, patterns added) - Non-blocking: failures warn but don't block commits - Respects SKIP_AUTOFIX environment variable Benefits: - Ensures Tier 3 causal memory stays synchronized with episodes - Builds decision patterns and success metrics automatically - Reduces manual overhead for memory graph maintenance - Follows existing auto-fix patterns Security: Includes symlink checks per MEDIUM-002 pattern Related: ADR-038 Reflexion Memory Schema, memory skill 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
| return None | ||
| output_dir_path = Path(output_dir) | ||
| if not output_dir_path.is_absolute(): | ||
| output_dir_path = (skills_root / output_dir_path).resolve() |
There was a problem hiding this comment.
Variable output_dir_path is not used.
Security improvements: - Always treats user input as relative to trusted base (even absolute paths) - Uses strict=False to validate paths that don't exist yet - Removes absolute vs relative branching (simpler = more secure) - Removes explicit '..' check (handled by resolution + containment) - Single code path reduces attack surface Key insight: `(base / raw).resolve(strict=False)` handles both absolute and relative inputs correctly by forcing all paths through the trusted base. Benefits: - Simpler logic is easier to audit - No special cases for absolute paths - Validates non-existent paths (useful for skill creation) - More robust against edge cases 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Changes SummaryThis PR refactors path validation logic in package_skill.py to simplify the security model by always anchoring user input to a trusted base directory, and adds a new pre-commit hook to automatically update the causal graph when episode files are staged. Type: mixed Components Affected: SkillForge skill packaging, Pre-commit hooks, Causal graph automation Files Changed
Architecture Impact
Risk Areas: Path traversal security - simplified logic may have different edge case handling, Breaking change in path handling - absolute user paths now treated as relative, Pre-commit hook performance - causal graph update processes entire episode directory on every commit, Symlink attack surface - new symlink checks in pre-commit hook indicate TOCTOU awareness, Non-blocking failure mode in causal graph update could lead to inconsistent state Suggestions
Full review in progress... | Powered by diffray |
Security improvements per static analysis best practices: - Single resolved_skill_path variable (no intermediate reassignments) - Single resolved_output_path variable for output directory - Clear 4-step validation pattern: 1. Validate with validate_path_safety() 2. Resolve candidate path (absolute vs relative handling) 3. Verify containment with relative_to() 4. Use validated path for all filesystem operations Benefits: - Static analyzers can track path provenance clearly - No confusing intermediate variables (user_skill_path removed) - Consistent pattern for both skill_path and output_dir - Single code path from validation to usage - Removed duplicate output_dir validation Pattern applied to both: - skill_path → resolved_skill_path (under skills_root) - output_dir → resolved_output_path (under cwd) Used consistently in: - exists() checks - is_dir() checks - SKILL.md path construction - validate_skill() call - zip packaging loop 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Review Summary✅ Fixed Issues: 1View fixed issues
Validated 3 issues: 0 kept, 3 filtered (all false positives - the relative_to() check at line 51 protects against absolute path attacks) Review ID: |
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 113 out of 145 changed files in this pull request and generated no new comments.
Comments suppressed due to low confidence (1)
.claude/skills/SkillForge/scripts/quick_validate.py:14
- Import of 'os' is not used.
Renamed validate_path_safety() to validate_and_resolve_path() and
changed return type from tuple to Path | None for cleaner code flow.
Changes across 5 Python files:
- package_skill.py: Simplified both skill_path and output_dir validation
- quick_validate.py: Single-step validation and resolution
- validate-skill.py: Cleaner __init__ validation
- fix_fences.py: Simplified directory validation
- collect_metrics.py: Simplified repo path validation
Pattern change:
Before: is_safe, path = validate_path_safety(input, base)
if not is_safe or path is None: ...
After: path = validate_and_resolve_path(input, base)
if path is None: ...
Benefits:
- Eliminates tuple unpacking
- More Pythonic with Optional[Path] pattern
- Easier for static analyzers to track
- Clearer code flow
Related: PR #760 CodeQL path injection remediation
Changes SummaryThis PR refactors path validation logic across 5 Python scripts in the Claude Code skills system. It simplifies the security-focused Type: refactoring Components Affected: SkillForge validation scripts, Markdown fence fixing utility, Metrics collection utility Files Changed
Architecture Impact
Risk Areas: Path traversal security - changes to validation logic must maintain CWE-22 protection, TOCTOU vulnerabilities - simplified approach reduces window between validation and use, Edge cases in path resolution - removed early '..' rejection could expose different validation behavior, Containment verification - ensure all paths still properly verified against allowed_base after refactoring Suggestions
Full review in progress... | Powered by diffray |
Comment on lines
+102
to
+103
| if not validate_path_safety(str(directory), allowed_base=Path.cwd()): | ||
| raise ValueError(f"Invalid directory: {directory} contains unsafe characters or is outside allowed directory") |
There was a problem hiding this comment.
🟠 HIGH - Path validation bypass - undefined function
Agent: security
Category: security
Description:
Function validate_path_safety() is called but never defined. The correct function is validate_and_resolve_path(). This will cause a NameError at runtime, bypassing path traversal validation and potentially allowing directory traversal attacks (CWE-22).
Suggestion:
Change line 102 from validate_path_safety(str(directory), allowed_base=Path.cwd()) to validate_and_resolve_path(str(directory), allowed_base=Path.cwd()) is not None
Confidence: 98%
Rule: sec_semgrep_scan
Review ID: 868aab82-9b91-4f32-9804-4fb15b5e09ed
Rate it 👍 or 👎 to improve future reviews | Powered by diffray
Review SummaryValidated 3 issues: 1 kept (critical undefined function bug), 2 filtered (speculative DoS concerns with low evidence for local CLI tools) Issues Found: 1💬 See 1 individual line comment(s) for details. 📋 Full issue list (click to expand)🟠 HIGH - Path validation bypass - undefined functionAgent: security Category: security File: Description: Function Suggestion: Change line 102 from Confidence: 98% Rule: Review ID: |
Session 305 did not export Claude-Mem memories (used Serena instead), so security review requirement is N/A. Checkbox must be marked complete with N/A evidence per SESSION-PROTOCOL.md validation requirements. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 113 out of 145 changed files in this pull request and generated no new comments.
Comments suppressed due to low confidence (1)
.claude/skills/SkillForge/scripts/quick_validate.py:14
- Import of 'os' is not used.
This was referenced Jan 14, 2026
4 tasks
18 tasks
4 tasks
4 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Generate-Skills.ps1with SkillForge'svalidate-skill.pyin pre-commit hookSpecification References
.agents/architecture/ADR-040-skill-frontmatter-standardization.md.claude/skills/SkillForge/scripts/validate-skill.py.agents/sessions/2026-01-03-session-366.mdChanges
Pre-commit Hook
python3 validate-skill.py <skill-directory>for each staged SKILL.mdADR-040 Updates
name,version,description,license,modelmetadatareserved for domain-specific extensions onlySkill Frontmatter (9 skills updated)
versionandmodelfrom metadata to top-levellicense: MITwhere missingCleanup
build/Generate-Skills.ps1build/tests/Generate-Skills.Tests.ps1(810 lines orphaned tests)Type of Change
Testing
Agent Review
Security Review
QA Validation
.agents/qa/366-skill-frontmatter-standardization-validation.md)Retrospective
.agents/retrospective/2026-01-03-session-366-skill-frontmatter.md)Checklist
Related Issues
🤖 Generated with Claude Code