Several agent files used <example> blocks containing user: "..." /
assistant: "..." turn markers, embedded as \n-escaped strings inside
the YAML frontmatter description: field. Replace those with flat prose
trigger descriptions in description: and a 'When to invoke' section
in the agent body containing prose-bullet scenarios.
Affected files:
- 5 agent definitions:
- plugins/hookify/agents/conversation-analyzer.md
- plugins/pr-review-toolkit/agents/code-reviewer.md
- plugins/pr-review-toolkit/agents/pr-test-analyzer.md
- plugins/pr-review-toolkit/agents/type-design-analyzer.md
- plugins/pr-review-toolkit/agents/comment-analyzer.md
- 5 agent-development skill files updated to teach the new format:
- plugins/plugin-dev/skills/agent-development/SKILL.md
- .../references/triggering-examples.md
- .../references/agent-creation-system-prompt.md
- .../examples/complete-agent-examples.md
- .../examples/agent-creation-prompt.md
Routing is unaffected: each description: still names the trigger
surface in plain English.
Adobe's Creative Cloud skills for image editing, design automation,
background removal, vectorization, and retouching. Points at the
plugins/creative-cloud/adobe-for-creativity subdir of adobe/skills.
The 'Validate frontmatter' step interpolated step output directly into a
double-quoted shell string, allowing a fork PR that adds a file named
e.g. agents/$(curl ...).md to execute arbitrary commands on the runner.
- Pass the file list via env: and reference as "$FILES" so the shell
never re-evaluates the contents
- Pass PR number via env: for consistency (no ${{ }} inside run:)
- Gate the job on same-repo PRs only, since fork PRs are auto-closed by
close-external-prs.yml anyway
Impact was bounded (fork PRs get a read-only token with no secrets), but
this closes the RCE-on-runner vector entirely.
The bot command handlers bypassed access control — they responded to
any DM user regardless of dmPolicy, leaking bot presence and
contradicting ACCESS.md's "Drop silently. No reply." contract for
allowlist mode.
Add dmCommandGate() that applies the same disabled/allowlist checks
as gate() without the pairing side effects, and route all three
handlers through it. Also prune expired pending codes before /status
iterates them.
Fixes#854
Co-authored-by: Claude <noreply@anthropic.com>
Ports anthropics/skills#547 (b0cbd3d) so this repo matches the upstream
skills repo.
improve_description.py and run_loop.py now shell out to `claude -p` instead
of using the Anthropic SDK directly, so the description optimizer uses the
session's existing Claude Code auth and no longer requires a separate
ANTHROPIC_API_KEY. SKILL.md drops the stale extended-thinking reference and
adds guidance for updating an existing skill.
Several enterprise customers sync exclusively from this repo (not
anthropics/skills, whose README disclaims production use), so they have been
stuck on the old SDK-based path.
Let installs follow the repo's default branch instead of a fixed SHA.
Removes the plugin from the weekly SHA-bump rotation and lets developer
updates reach users directly on `claude plugin install`.
The amplitude entry used source type "url" which clones the root of
https://github.com/amplitude/mcp-marketplace — a multi-plugin repo
where the actual plugin lives at plugins/amplitude/. Claude Code found
no skills there, so /reload-plugins loaded 0 skills for amplitude.
Switching to "git-subdir" with path "plugins/amplitude" (the same
pattern used by awslabs, bigdata-com, zapier, etc.) makes Claude Code
resolve the correct subdirectory and load all 27 amplitude skills.
Removing the pinned sha so the plugin tracks main, consistent with
how posthog and other unpinned entries behave.
Adds three NetSuite agent skills to the official marketplace:
- netsuite-aiconnector-service-skill: runtime guidance for the NetSuite
AI Service Connector (tool selection, output formatting, SuiteQL
safety checklist)
- netsuite-sdf-roles-and-permissions: SDF permission ID lookup and
least-privilege role authoring (ADMI_, LIST_, REGT_, REPO_, TRAN_)
- netsuite-uif-spa-reference: API/type reference for @uif-js/core and
@uif-js/component
All three ship from oracle/netsuite-suitecloud-sdk (packages/agent-skills/)
using git-subdir + strict:false + skills[] — the same shape stagehand uses
for skill-only distributions.
