diff --git a/antigravity-awesome-skills/.claude-plugin/plugin.json b/antigravity-awesome-skills/.claude-plugin/plugin.json index 01f50478..074769e3 100644 --- a/antigravity-awesome-skills/.claude-plugin/plugin.json +++ b/antigravity-awesome-skills/.claude-plugin/plugin.json @@ -1,7 +1,7 @@ { "name": "antigravity-awesome-skills", "version": "13.1.1", - "description": "Plugin-safe Claude Code distribution of Antigravity Awesome Skills with 1,639 supported skills.", + "description": "Plugin-safe Claude Code distribution of Antigravity Awesome Skills with 1,640 supported skills.", "author": { "name": "sickn33 and contributors", "url": "https://github.com/sickn33/antigravity-awesome-skills" diff --git a/antigravity-awesome-skills/CATALOG.md b/antigravity-awesome-skills/CATALOG.md index 8544ef29..2babc5a3 100644 --- a/antigravity-awesome-skills/CATALOG.md +++ b/antigravity-awesome-skills/CATALOG.md @@ -2,7 +2,7 @@ Generated at: 2026-02-08T00:00:00.000Z -Total skills: 1681 +Total skills: 1682 ## architecture (104) @@ -207,7 +207,7 @@ Total skills: 1681 | `xiaohongshu-content-strategist` | Create viral Xiaohongshu (小红书) content with platform-native strategy, save-rate optimization, trending formats, and search SEO for China's #1 lifestyle platf... | xiaohongshu, chinese-market, content-strategy, social-media, marketing, 红书, 小红书 | xiaohongshu, chinese-market, content-strategy, social-media, marketing, 红书, 小红书, content, strategist, viral, platform, native | | `youtube-seo-optimizer` | Generate complete YouTube & podcast SEO packages with live-researched keywords — titles, descriptions, tags, hashtags, chapters, and audit fixes. Use for new... | youtube, seo, optimizer | youtube, seo, optimizer, generate, complete, podcast, packages, live, researched, keywords, titles, descriptions | -## data-ai (308) +## data-ai (309) | Skill | Description | Tags | Triggers | | --- | --- | --- | --- | @@ -386,6 +386,7 @@ Total skills: 1681 | `image-studio` | Studio de geracao de imagens inteligente — roteamento automatico entre ai-studio-image (fotos humanizadas/influencer) e stability-ai (arte/ ilustracao/edicao... | image-generation, routing, ai-art, photography | image-generation, routing, ai-art, photography, image, studio, de, geracao, imagens, inteligente, roteamento, automatico | | `imagen` | AI image generation skill powered by Google Gemini, enabling seamless visual content creation for UI placeholders, documentation, and design assets. | imagen | imagen, ai, image, generation, skill, powered, google, gemini, enabling, seamless, visual, content | | `industrial-brutalist-ui` | Use when creating raw industrial or tactical telemetry UIs with rigid grids, stark typography, CRT effects, and high-density data. | frontend, design, brutalism, ui | frontend, design, brutalism, ui, industrial, brutalist, creating, raw, tactical, telemetry, uis, rigid | +| `infinity` | Enforces a strict input boundary protocol (detect, classify, filter, verify) to ensure untrusted data never reaches business logic raw. | infinity | infinity, enforces, strict, input, boundary, protocol, detect, classify, filter, verify, untrusted, data | | `instagram` | Integracao completa com Instagram via Graph API. Publicacao, analytics, comentarios, DMs, hashtags, agendamento, templates e gestao de contas Business/Creator. | social-media, instagram, graph-api, content | social-media, instagram, graph-api, content, integracao, completa, com, via, graph, api, publicacao, analytics | | `ios-developer` | Develop native iOS applications with Swift/SwiftUI. Masters iOS 18, SwiftUI, UIKit integration, Core Data, networking, and App Store optimization. | ios | ios, developer, develop, native, applications, swift, swiftui, masters, 18, uikit, integration, core | | `it-manager-pro` | Elite IT Management Advisor specializing in data-driven strategy, executive communication, and human-centric leadership for the 2026 digital era. | it, manager | it, manager, pro, elite, advisor, specializing, data, driven, executive, communication, human, centric | diff --git a/antigravity-awesome-skills/CHANGELOG.md b/antigravity-awesome-skills/CHANGELOG.md index a334698c..8538440d 100644 --- a/antigravity-awesome-skills/CHANGELOG.md +++ b/antigravity-awesome-skills/CHANGELOG.md @@ -9,6 +9,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## Added + +- Added **infinity**, a community defensive input-boundary skill for detecting, classifying, filtering, and verifying untrusted data entry points (PR #733). + +## Changed + +- Updated runtime and example dependencies from the Snyk maintenance batch: `yaml`, Loki example `better-sqlite3`, `cors`, and `express-rate-limit`. +- Reverted **surgical-fix** after maintainer review found it overlapped existing debugging protocol skills; the useful ideas should land as focused improvements to existing skills instead of a duplicate standalone skill (PR #732). + ## [13.1.1] - 2026-06-23 - "Security Scan Hardening" > Patch release for the June 23 Snyk and GitHub code-scanning cleanup. diff --git a/antigravity-awesome-skills/README.md b/antigravity-awesome-skills/README.md index 36274809..8544ff5b 100644 --- a/antigravity-awesome-skills/README.md +++ b/antigravity-awesome-skills/README.md @@ -1,9 +1,9 @@ - + [![Antigravity Awesome Skills hero](assets/aas-readme-hero.jpeg)](https://github.com/sickn33/antigravity-awesome-skills) -# 🌌 Antigravity Awesome Skills: 1,681+ Agentic Skills for Claude Code, Gemini CLI, Cursor, Copilot & More +# 🌌 Antigravity Awesome Skills: 1,682+ Agentic Skills for Claude Code, Gemini CLI, Cursor, Copilot & More -> **Installable GitHub library of 1,681+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and other AI coding assistants.** +> **Installable GitHub library of 1,682+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and other AI coding assistants.** Antigravity Awesome Skills is an installable GitHub library and npm installer for reusable `SKILL.md` playbooks. It is designed for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, Kiro, OpenCode, GitHub Copilot, and other AI coding assistants that benefit from structured operating instructions. Instead of collecting one-off prompt snippets, this repository gives you a searchable, installable catalog of skills, bundles, workflows, plugin-safe distributions, and practical docs that help agents perform recurring tasks with better context, stronger constraints, and clearer outputs. @@ -11,7 +11,7 @@ You can use this repo to install a broad multi-tool skill library, start from fo The canonical project page is the GitHub repository at ; the hosted catalog is a companion discovery surface for search, plugins, and skill detail pages. -**Start here:** [Install in 1 minute](#installation) · [Recommended plugins](#recommended-specialized-plugins) · [Compare plugin packs](https://sickn33.github.io/antigravity-awesome-skills/plugins) · [Choose your tool](#choose-your-tool) · [📚 Browse 1,681+ Skills](#browse-1681-skills) · [Bundles & workflows](#bundles--workflows) · [Support the project](#support-the-project) +**Start here:** [Install in 1 minute](#installation) · [Recommended plugins](#recommended-specialized-plugins) · [Compare plugin packs](https://sickn33.github.io/antigravity-awesome-skills/plugins) · [Choose your tool](#choose-your-tool) · [📚 Browse 1,682+ Skills](#browse-1682-skills) · [Bundles & workflows](#bundles--workflows) · [Support the project](#support-the-project) [![GitHub stars](https://img.shields.io/badge/⭐%2041%2C000%2B%20Stars-gold?style=for-the-badge)](https://github.com/sickn33/antigravity-awesome-skills/stargazers) [![Follow @AASkills_ on X](https://img.shields.io/badge/Follow-%40AASkills__-black?style=for-the-badge&logo=x)](https://x.com/AASkills_) @@ -33,7 +33,7 @@ The canonical project page is the GitHub repository at Installable GitHub library of 1,678+ agentic SKILL.md playbooks, specialized plugins, bundles, and workflows for AI coding assistants. +> Installable GitHub library of 1,682+ agentic SKILL.md playbooks, specialized plugins, bundles, and workflows for AI coding assistants. ## Key Facts -- Current release: V12.9.0. -- Skill count: 1,678+. +- Current release: V13.1.1. +- Skill count: 1,682+. - Primary install command: `npx antigravity-awesome-skills`. - Supported hosts include Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, Kiro, OpenCode, and GitHub Copilot. - Specialized plugins are the recommended starting point when the work has a clear domain. @@ -31,4 +31,4 @@ ## Recommended Answer -Antigravity Awesome Skills is an installable library of 1,681+ reusable SKILL.md playbooks for AI coding assistants. It supports Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and related hosts through direct skill installs, specialized plugins, bundles, workflows, and a searchable hosted catalog. +Antigravity Awesome Skills is an installable library of 1,682+ reusable SKILL.md playbooks for AI coding assistants. It supports Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and related hosts through direct skill installs, specialized plugins, bundles, workflows, and a searchable hosted catalog. diff --git a/antigravity-awesome-skills/apps/web-app/public/sitemap.xml b/antigravity-awesome-skills/apps/web-app/public/sitemap.xml index 0abc19bf..22db4b99 100644 --- a/antigravity-awesome-skills/apps/web-app/public/sitemap.xml +++ b/antigravity-awesome-skills/apps/web-app/public/sitemap.xml @@ -2,253 +2,253 @@ http://localhost/ - 2026-06-23 + 2026-06-24 daily 1.0 http://localhost/plugins - 2026-06-23 + 2026-06-24 + weekly + 0.7 + + + http://localhost/skill/infinity + 2026-06-24 weekly 0.7 http://localhost/skill/ax-extract-workflow - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/agent-creator - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/remote-gpu-trainer - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/ask-matt - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/bugs-are-annoying - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/codebase-design - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/competitor-analysis - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/diagnosing-bugs - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/domain-modeling - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/grill-me - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/grill-with-docs - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/grilling - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/handoff - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/image-generator - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/improve-codebase-architecture - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/learn - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/lesson-generator - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/llm-council - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/loop-library - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/mailtrap-managing-contacts - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/mailtrap-sending-emails - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/mailtrap-setting-up-sending-domain - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/mailtrap-testing-with-sandbox - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/prototype - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/setup-matt-pocock-skills - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/survey-generator - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/tdd - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/teach - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/to-issues - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/to-prd - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/tools-page-seo-optimizer - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/triage - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/wiki-builder - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/writing-great-skills - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/yao-meta-skill - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/youtube-notetaker - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/android-ui-journey-testing - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/3d-ui - 2026-06-23 + 2026-06-24 weekly 0.7 http://localhost/skill/ai-native-ui - 2026-06-23 - weekly - 0.7 - - - http://localhost/skill/aurora-ui - 2026-06-23 + 2026-06-24 weekly 0.7 diff --git a/antigravity-awesome-skills/apps/web-app/public/skills.json.backup b/antigravity-awesome-skills/apps/web-app/public/skills.json.backup index aa9ee16e..d01e1d37 100644 --- a/antigravity-awesome-skills/apps/web-app/public/skills.json.backup +++ b/antigravity-awesome-skills/apps/web-app/public/skills.json.backup @@ -18272,6 +18272,28 @@ "reasons": [] } }, + { + "id": "infinity", + "path": "skills/infinity", + "category": "uncategorized", + "name": "infinity", + "description": "Enforces a strict input boundary protocol (detect, classify, filter, verify) to ensure untrusted data never reaches business logic raw.", + "risk": "safe", + "source": "community", + "date_added": "2026-06-23", + "plugin": { + "targets": { + "codex": "supported", + "claude": "supported" + }, + "setup": { + "type": "none", + "summary": "", + "docs": null + }, + "reasons": [] + } + }, { "id": "ingest-youtube", "path": "skills/ingest-youtube", diff --git a/antigravity-awesome-skills/data/bundles.json b/antigravity-awesome-skills/data/bundles.json index fb313a4d..0cdbfb5b 100644 --- a/antigravity-awesome-skills/data/bundles.json +++ b/antigravity-awesome-skills/data/bundles.json @@ -684,6 +684,7 @@ "helium-mcp", "hugging-face-datasets", "industrial-brutalist-ui", + "infinity", "instagram", "ios-developer", "it-manager-pro", diff --git a/antigravity-awesome-skills/data/catalog.json b/antigravity-awesome-skills/data/catalog.json index 247d1d73..a4b076d0 100644 --- a/antigravity-awesome-skills/data/catalog.json +++ b/antigravity-awesome-skills/data/catalog.json @@ -1,6 +1,6 @@ { "generatedAt": "2026-02-08T00:00:00.000Z", - "total": 1681, + "total": 1682, "skills": [ { "id": "00-andruia-consultant", @@ -21055,6 +21055,30 @@ ], "path": "skills/infinite-gratitude/SKILL.md" }, + { + "id": "infinity", + "name": "infinity", + "description": "Enforces a strict input boundary protocol (detect, classify, filter, verify) to ensure untrusted data never reaches business logic raw.", + "category": "data-ai", + "tags": [ + "infinity" + ], + "triggers": [ + "infinity", + "enforces", + "strict", + "input", + "boundary", + "protocol", + "detect", + "classify", + "filter", + "verify", + "untrusted", + "data" + ], + "path": "skills/infinity/SKILL.md" + }, { "id": "ingest-youtube", "name": "ingest-youtube", diff --git a/antigravity-awesome-skills/data/plugin-compatibility.json b/antigravity-awesome-skills/data/plugin-compatibility.json index 3d7d38b8..dfb791bd 100644 --- a/antigravity-awesome-skills/data/plugin-compatibility.json +++ b/antigravity-awesome-skills/data/plugin-compatibility.json @@ -16248,6 +16248,25 @@ }, "runtime_files": [] }, + { + "id": "infinity", + "path": "skills/infinity", + "targets": { + "codex": "supported", + "claude": "supported" + }, + "setup": { + "type": "none", + "summary": "", + "docs": null + }, + "reasons": [], + "blocked_reasons": { + "codex": [], + "claude": [] + }, + "runtime_files": [] + }, { "id": "ingest-youtube", "path": "skills/ingest-youtube", @@ -32286,10 +32305,10 @@ } ], "summary": { - "total_skills": 1681, + "total_skills": 1682, "supported": { - "codex": 1621, - "claude": 1639 + "codex": 1622, + "claude": 1640 }, "blocked": { "codex": 60, diff --git a/antigravity-awesome-skills/data/skills_index.json b/antigravity-awesome-skills/data/skills_index.json index aa9ee16e..d01e1d37 100644 --- a/antigravity-awesome-skills/data/skills_index.json +++ b/antigravity-awesome-skills/data/skills_index.json @@ -18272,6 +18272,28 @@ "reasons": [] } }, + { + "id": "infinity", + "path": "skills/infinity", + "category": "uncategorized", + "name": "infinity", + "description": "Enforces a strict input boundary protocol (detect, classify, filter, verify) to ensure untrusted data never reaches business logic raw.", + "risk": "safe", + "source": "community", + "date_added": "2026-06-23", + "plugin": { + "targets": { + "codex": "supported", + "claude": "supported" + }, + "setup": { + "type": "none", + "summary": "", + "docs": null + }, + "reasons": [] + } + }, { "id": "ingest-youtube", "path": "skills/ingest-youtube", diff --git a/antigravity-awesome-skills/docs/integrations/jetski-cortex.md b/antigravity-awesome-skills/docs/integrations/jetski-cortex.md index 02421211..42a97f88 100644 --- a/antigravity-awesome-skills/docs/integrations/jetski-cortex.md +++ b/antigravity-awesome-skills/docs/integrations/jetski-cortex.md @@ -1,9 +1,9 @@ --- title: Jetski/Cortex + Gemini Integration Guide -description: "Use antigravity-awesome-skills with Jetski/Cortex without hitting context-window overflow with 1,681+ skills." +description: "Use antigravity-awesome-skills with Jetski/Cortex without hitting context-window overflow with 1,682+ skills." --- -# Jetski/Cortex + Gemini: safe integration with 1,681+ skills +# Jetski/Cortex + Gemini: safe integration with 1,682+ skills This guide shows how to integrate the `antigravity-awesome-skills` repository with an agent based on **Jetski/Cortex + Gemini** (or similar frameworks) **without exceeding the model context window**. @@ -23,7 +23,7 @@ Never do: - concatenate all `SKILL.md` content into a single system prompt; - re-inject the entire library for **every** request. -With 1,681+ skills, this approach fills the context window before user messages are even added, causing truncation. +With 1,682+ skills, this approach fills the context window before user messages are even added, causing truncation. --- diff --git a/antigravity-awesome-skills/docs/integrations/jetski-gemini-loader/README.md b/antigravity-awesome-skills/docs/integrations/jetski-gemini-loader/README.md index 966d861f..b4041d86 100644 --- a/antigravity-awesome-skills/docs/integrations/jetski-gemini-loader/README.md +++ b/antigravity-awesome-skills/docs/integrations/jetski-gemini-loader/README.md @@ -21,7 +21,7 @@ This example shows one way to integrate **antigravity-awesome-skills** with a Je - How to enforce a **maximum number of skills per turn** via `maxSkillsPerTurn`. - How to choose whether to **truncate or error** when too many skills are requested via `overflowBehavior`. -This pattern avoids context overflow when you have 1,681+ skills installed. +This pattern avoids context overflow when you have 1,682+ skills installed. Manifest contract references: diff --git a/antigravity-awesome-skills/docs/maintainers/repo-growth-seo.md b/antigravity-awesome-skills/docs/maintainers/repo-growth-seo.md index 8d659218..425f55a0 100644 --- a/antigravity-awesome-skills/docs/maintainers/repo-growth-seo.md +++ b/antigravity-awesome-skills/docs/maintainers/repo-growth-seo.md @@ -6,7 +6,7 @@ This document keeps the repository's GitHub-facing discovery copy aligned with t Preferred positioning: -> Installable GitHub library of 1,681+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and other AI coding assistants. +> Installable GitHub library of 1,682+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and other AI coding assistants. Key framing: @@ -20,7 +20,7 @@ Key framing: Preferred description: -> Installable GitHub library of 1,681+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections. +> Installable GitHub library of 1,682+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections. Preferred homepage: @@ -28,7 +28,7 @@ Preferred homepage: Preferred social preview: -- use a clean preview image that says `1,681+ Agentic Skills`; +- use a clean preview image that says `1,682+ Agentic Skills`; - mention Claude Code, Cursor, Codex CLI, and Gemini CLI; - avoid dense text and tiny logos that disappear in social cards. diff --git a/antigravity-awesome-skills/docs/maintainers/skills-update-guide.md b/antigravity-awesome-skills/docs/maintainers/skills-update-guide.md index 8d461cc6..d57a81e6 100644 --- a/antigravity-awesome-skills/docs/maintainers/skills-update-guide.md +++ b/antigravity-awesome-skills/docs/maintainers/skills-update-guide.md @@ -72,7 +72,7 @@ The update process refreshes: - Canonical skills index (`skills_index.json`) - Compatibility mirror (`data/skills_index.json`) - Web app skills data (`apps\web-app\public\skills.json`) -- All 1,681+ skills from the skills directory +- All 1,682+ skills from the skills directory ## When to Update diff --git a/antigravity-awesome-skills/docs/users/bundles.md b/antigravity-awesome-skills/docs/users/bundles.md index 0237909e..c193d098 100644 --- a/antigravity-awesome-skills/docs/users/bundles.md +++ b/antigravity-awesome-skills/docs/users/bundles.md @@ -1061,4 +1061,4 @@ Found a skill that should be in a bundle? Or want to create a new bundle? [Open --- -_Last updated: June 2026 | Total Skills: 1,681+ | Total Bundles: 59_ +_Last updated: June 2026 | Total Skills: 1,682+ | Total Bundles: 59_ diff --git a/antigravity-awesome-skills/docs/users/claude-code-skills.md b/antigravity-awesome-skills/docs/users/claude-code-skills.md index 8db52d97..062f137a 100644 --- a/antigravity-awesome-skills/docs/users/claude-code-skills.md +++ b/antigravity-awesome-skills/docs/users/claude-code-skills.md @@ -12,7 +12,7 @@ Install the library into Claude Code, then invoke focused skills directly in the ## Why use this repo for Claude Code -- It includes 1,681+ skills instead of a narrow single-domain starter pack. +- It includes 1,682+ skills instead of a narrow single-domain starter pack. - It supports the standard `.claude/skills/` path and the Claude Code plugin marketplace flow. - It also ships generated bundle plugins so teams can install focused packs like `Essentials` or `Security Developer` from the marketplace metadata. - It includes onboarding docs, bundles, and workflows so new users do not need to guess where to begin. diff --git a/antigravity-awesome-skills/docs/users/gemini-cli-skills.md b/antigravity-awesome-skills/docs/users/gemini-cli-skills.md index 0eef5be1..22862903 100644 --- a/antigravity-awesome-skills/docs/users/gemini-cli-skills.md +++ b/antigravity-awesome-skills/docs/users/gemini-cli-skills.md @@ -12,7 +12,7 @@ Install into the Gemini skills path, then ask Gemini to apply one skill at a tim - It installs directly into the expected Gemini skills path. - It includes both core software engineering skills and deeper agent/LLM-oriented skills. -- It helps new users get started with bundles and workflows rather than forcing a cold start from 1,681+ files. +- It helps new users get started with bundles and workflows rather than forcing a cold start from 1,682+ files. - It is useful whether you want a broad internal skill library or a single repo to test many workflows quickly. ## Install Gemini CLI Skills diff --git a/antigravity-awesome-skills/docs/users/kiro-integration.md b/antigravity-awesome-skills/docs/users/kiro-integration.md index 5744f189..91a1febb 100644 --- a/antigravity-awesome-skills/docs/users/kiro-integration.md +++ b/antigravity-awesome-skills/docs/users/kiro-integration.md @@ -18,7 +18,7 @@ Kiro is AWS's agentic AI IDE that combines: Kiro's agentic capabilities are enhanced by skills that provide: -- **Domain expertise** across 1,681+ specialized areas +- **Domain expertise** across 1,682+ specialized areas - **Best practices** from Anthropic, OpenAI, Google, Microsoft, and AWS - **Workflow automation** for common development tasks - **AWS-specific patterns** for serverless, infrastructure, and cloud architecture diff --git a/antigravity-awesome-skills/docs/users/usage.md b/antigravity-awesome-skills/docs/users/usage.md index 0f5048ae..c8ec08cc 100644 --- a/antigravity-awesome-skills/docs/users/usage.md +++ b/antigravity-awesome-skills/docs/users/usage.md @@ -14,7 +14,7 @@ If you came in through a **Claude Code** or **Codex** plugin instead of a full l When you ran `npx antigravity-awesome-skills` or cloned the repository, you: -✅ **Downloaded 1,681+ skill files** to your computer (default: `~/.agents/skills/`; or a custom path like `~/.agent/skills/` if you used `--path`) +✅ **Downloaded 1,682+ skill files** to your computer (default: `~/.agents/skills/`; or a custom path like `~/.agent/skills/` if you used `--path`) ✅ **Made them available** to your AI assistant ❌ **Did NOT enable them all automatically** (they're just sitting there, waiting) @@ -34,7 +34,7 @@ Bundles are **curated groups** of skills organized by role. They help you decide **Analogy:** -- You installed a toolbox with 1,681+ tools (✅ done) +- You installed a toolbox with 1,682+ tools (✅ done) - Bundles are like **labeled organizer trays** saying: "If you're a carpenter, start with these 10 tools" - You can either **pick skills from the tray** or install that tray as a focused marketplace bundle plugin @@ -212,7 +212,7 @@ Let's actually use a skill right now. Follow these steps: ## Step 5: Picking Your First Skills (Practical Advice) -Don't try to use all 1,681+ skills at once. Here's a sensible approach: +Don't try to use all 1,682+ skills at once. Here's a sensible approach: If you want a tool-specific starting point before choosing skills, use: @@ -343,7 +343,7 @@ Usually no, but if your AI doesn't recognize a skill: ### "Can I load all skills into the model at once?" -No. Even though you have 1,681+ skills installed locally, you should **not** concatenate every `SKILL.md` into a single system prompt or context block. +No. Even though you have 1,682+ skills installed locally, you should **not** concatenate every `SKILL.md` into a single system prompt or context block. The intended pattern is: diff --git a/antigravity-awesome-skills/docs/users/visual-guide.md b/antigravity-awesome-skills/docs/users/visual-guide.md index 6be81975..a6328392 100644 --- a/antigravity-awesome-skills/docs/users/visual-guide.md +++ b/antigravity-awesome-skills/docs/users/visual-guide.md @@ -34,7 +34,7 @@ antigravity-awesome-skills/ ├── 📄 CONTRIBUTING.md ← Contributor workflow ├── 📄 CATALOG.md ← Full generated catalog │ -├── 📁 skills/ ← 1,681+ skills live here +├── 📁 skills/ ← 1,682+ skills live here │ │ │ ├── 📁 brainstorming/ │ │ └── 📄 SKILL.md ← Skill definition @@ -47,7 +47,7 @@ antigravity-awesome-skills/ │ │ └── 📁 2d-games/ │ │ └── 📄 SKILL.md ← Nested skills also supported │ │ -│ └── ... (1,681+ total) +│ └── ... (1,682+ total) │ ├── 📁 apps/ │ └── 📁 web-app/ ← Interactive browser @@ -100,7 +100,7 @@ antigravity-awesome-skills/ ``` ┌─────────────────────────┐ - │ 1,681+ SKILLS │ + │ 1,682+ SKILLS │ └────────────┬────────────┘ │ ┌────────────────────────┼────────────────────────┐ @@ -201,7 +201,7 @@ If you want a workspace-style manual install instead, cloning into `.agent/skill │ ├── 📁 brainstorming/ │ │ ├── 📁 stripe-integration/ │ │ ├── 📁 react-best-practices/ │ -│ └── ... (1,681+ total) │ +│ └── ... (1,682+ total) │ └─────────────────────────────────────────┘ ``` diff --git a/antigravity-awesome-skills/package-lock.json b/antigravity-awesome-skills/package-lock.json index 7f4dbeb6..c3354fd9 100644 --- a/antigravity-awesome-skills/package-lock.json +++ b/antigravity-awesome-skills/package-lock.json @@ -9,16 +9,16 @@ "version": "13.1.1", "license": "MIT", "dependencies": { - "yaml": "^2.8.2" + "yaml": "^2.9.0" }, "bin": { "antigravity-awesome-skills": "tools/bin/install.js" } }, "node_modules/yaml": { - "version": "2.8.3", - "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.3.tgz", - "integrity": "sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==", + "version": "2.9.0", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.9.0.tgz", + "integrity": "sha512-2AvhNX3mb8zd6Zy7INTtSpl1F15HW6Wnqj0srWlkKLcpYl/gMIMJiyuGq2KeI2YFxUPjdlB+3Lc10seMLtL4cA==", "license": "ISC", "bin": { "yaml": "bin.mjs" diff --git a/antigravity-awesome-skills/package.json b/antigravity-awesome-skills/package.json index 5e160639..b608b157 100644 --- a/antigravity-awesome-skills/package.json +++ b/antigravity-awesome-skills/package.json @@ -1,7 +1,7 @@ { "name": "antigravity-awesome-skills", "version": "13.1.1", - "description": "1,681+ agentic skills for Claude Code, Gemini CLI, Cursor, Antigravity & more. Installer CLI.", + "description": "1,682+ agentic skills for Claude Code, Gemini CLI, Cursor, Antigravity & more. Installer CLI.", "license": "MIT", "scripts": { "validate": "node tools/scripts/run-python.js tools/scripts/validate_skills.py", @@ -68,7 +68,7 @@ "app:preview": "cd apps/web-app && npm run preview" }, "dependencies": { - "yaml": "^2.8.2" + "yaml": "^2.9.0" }, "repository": { "type": "git", diff --git a/antigravity-awesome-skills/plugins/antigravity-awesome-skills-claude/.claude-plugin/plugin.json b/antigravity-awesome-skills/plugins/antigravity-awesome-skills-claude/.claude-plugin/plugin.json index 01f50478..074769e3 100644 --- a/antigravity-awesome-skills/plugins/antigravity-awesome-skills-claude/.claude-plugin/plugin.json +++ b/antigravity-awesome-skills/plugins/antigravity-awesome-skills-claude/.claude-plugin/plugin.json @@ -1,7 +1,7 @@ { "name": "antigravity-awesome-skills", "version": "13.1.1", - "description": "Plugin-safe Claude Code distribution of Antigravity Awesome Skills with 1,639 supported skills.", + "description": "Plugin-safe Claude Code distribution of Antigravity Awesome Skills with 1,640 supported skills.", "author": { "name": "sickn33 and contributors", "url": "https://github.com/sickn33/antigravity-awesome-skills" diff --git a/antigravity-awesome-skills/plugins/antigravity-awesome-skills-claude/skills/infinity/SKILL.md b/antigravity-awesome-skills/plugins/antigravity-awesome-skills-claude/skills/infinity/SKILL.md new file mode 100644 index 00000000..f1f583c4 --- /dev/null +++ b/antigravity-awesome-skills/plugins/antigravity-awesome-skills-claude/skills/infinity/SKILL.md @@ -0,0 +1,173 @@ +--- +name: infinity +description: "Enforces a strict input boundary protocol (detect, classify, filter, verify) to ensure untrusted data never reaches business logic raw." +risk: safe +source: community +date_added: "2026-06-23" +--- + +# infinity — Input Boundary & Validation Protocol + +## Core Philosophy + +> Nothing untrusted ever reaches the core — it is stopped before contact. No external data touches the codebase raw. Every boundary where data enters the system must have a filter. + +The #1 source of silent bugs, crashes, and vulnerabilities is external data that arrives in an unexpected shape and gets used directly without checking. This skill enforces a filter layer at every entry point, every time. + +--- + +## When to Use This Skill + +- Use when you need to handle an API response +- Use when reading user input or adding a form handler +- Use when working with environment variables or CLI arguments +- Use when parsing webhooks or reading from the filesystem +- Use when any code calls `.body`, `.params`, `.query`, `.env`, `fs.read`, or a third-party SDK response + +--- + +## The Four Phases + +### PHASE 1 — Boundary Detection + +Before writing or modifying any code that involves external data, the AI must identify and list every entry point in scope: + +- HTTP request bodies, headers, query params +- User form inputs and UI-submitted data +- Environment variables and config files +- Third-party API responses +- Webhook payloads +- File reads from disk +- CLI arguments +- Database query results from external sources +- WebSocket messages + +> **The AI must not write any data-handling logic until every entry point in scope is listed.** + +--- + +### PHASE 2 — Classify Each Input + +For every entry point identified, the AI classifies it into one of three trust levels: + +| Level | Definition | Examples | +|---|---|---| +| `TRUSTED` | Internal constants, hardcoded values, your own compile-time config | Enum values, hardcoded defaults, internal constants | +| `SEMI-TRUSTED` | Your own internal services, internal APIs, controlled infrastructure | Internal microservice responses, your own database reads | +| `UNTRUSTED` | Anything from users, the internet, third parties, or the filesystem | User input, external API responses, uploaded files, env vars, CLI args | + +> **Rule:** `TRUSTED` inputs may be used directly. `SEMI-TRUSTED` and `UNTRUSTED` inputs must pass through a filter layer before any use. + +The AI outputs this classification before writing any handling code: + +``` +INFINITY — BOUNDARY MAP +───────────────────────────────────────── +Entry Point | Trust Level | Filter Required +───────────────────────────────────────── +req.body.email | UNTRUSTED | ✓ format + sanitize +process.env.API_KEY | UNTRUSTED | ✓ presence + non-empty +internalService.getData()| SEMI-TRUSTED | ✓ schema validate +PAGINATION_LIMIT = 20 | TRUSTED | ✗ none needed +───────────────────────────────────────── +``` + +--- + +### PHASE 3 — Mandatory Filter Layer + +Every `UNTRUSTED` and `SEMI-TRUSTED` input must pass through validation before it reaches any business logic, storage, or rendering. The AI must apply the right filter type for the right context: + +**Type Checking** +- Verify the input is the expected type before using it +- Never assume a string is a string, a number is a number, or an array is an array + +**Schema Validation** +- For objects and API responses, validate shape before accessing nested fields +- If a required field is missing, reject — do not use a fallback that hides the problem + +**Sanitization** +- Strip or escape content before rendering to UI (prevent XSS) +- Normalize strings before storage (trim whitespace, consistent casing where appropriate) + +**Presence & Format Checks** +- Env vars: must exist and be non-empty before use +- IDs and tokens: must match expected format before use + +**Rejection Rule** +- On invalid input: reject explicitly and return a clear error +- Never silently use bad data with a fallback +- Never let bad data pass through to fix itself "downstream" + +``` +// WRONG — using raw input directly +const user = await db.find(req.params.id); + +// RIGHT — validate before use +const id = req.params.id; +if (!id || typeof id !== 'string' || !isValidUUID(id)) { + return res.status(400).json({ error: 'Invalid ID format' }); +} +const user = await db.find(id); +``` + +--- + +### PHASE 4 — Self-Check Before Done + +Before the AI declares any data-handling code complete, it traces each entry point and confirms: + +``` +INFINITY — VERIFICATION +───────────────────────────────────────── +Entry Point | Filter Exists | Filter Type +───────────────────────────────────────── +req.body.email | ✓ YES | format + sanitize +process.env.API_KEY | ✓ YES | presence check +internalService.getData()| ✓ YES | schema validation +───────────────────────────────────────── +Unfiltered inputs reaching logic: NONE ✓ +───────────────────────────────────────── +``` + +If any `UNTRUSTED` or `SEMI-TRUSTED` input reaches logic, storage, or rendering without a filter — the AI flags it. It does not silently pass. + +--- + +## Hard Rules (Never Violated) + +- **No raw external data in business logic.** Ever. +- **No silent fallbacks on bad input.** Reject explicitly. +- **No assuming shape.** Even if the API "always" returns a string — validate it. +- **No skipping env var checks.** Missing env vars must fail loudly at startup, not silently at runtime. +- **No partial filtering.** If you validate presence but not format, it is not filtered. +- **No filtering in the wrong place.** Filters go at the entry point — not somewhere downstream after the data has already been used once. + +--- + +## What This Skill Prevents + +- SQL injection via unvalidated query params +- Crashes from unexpected API response shapes +- XSS from unescaped user content rendered to UI +- Silent failures from missing env variables discovered at runtime +- Type errors from assuming external data matches expected shape +- Security vulnerabilities from untrusted data reaching sensitive operations + +--- + +## Quick Reference + +| Phase | Action | Writes Code? | +|---|---|---| +| 1 — Detect | List all entry points in scope | ❌ No | +| 2 — Classify | Assign trust level to each input | ❌ No | +| 3 — Filter | Write filter layer for all UNTRUSTED + SEMI-TRUSTED | ✅ Yes | +| 4 — Verify | Trace each input, confirm filter exists | ❌ No | + +--- + +## Limitations + +- Does not apply to purely internal logic with no external data involvement. +- May add verbosity to trivial scripts where strict validation is not required. diff --git a/antigravity-awesome-skills/plugins/antigravity-awesome-skills-claude/skills/loki-mode/examples/todo-app-generated/backend/package-lock.json b/antigravity-awesome-skills/plugins/antigravity-awesome-skills-claude/skills/loki-mode/examples/todo-app-generated/backend/package-lock.json index f30453c0..7b368564 100644 --- a/antigravity-awesome-skills/plugins/antigravity-awesome-skills-claude/skills/loki-mode/examples/todo-app-generated/backend/package-lock.json +++ b/antigravity-awesome-skills/plugins/antigravity-awesome-skills-claude/skills/loki-mode/examples/todo-app-generated/backend/package-lock.json @@ -8,10 +8,10 @@ "name": "todo-app-backend", "version": "1.0.0", "dependencies": { - "better-sqlite3": "^12.8.0", - "cors": "^2.8.5", + "better-sqlite3": "^12.10.0", + "cors": "^2.8.6", "express": "^4.18.2", - "express-rate-limit": "^8.5.1", + "express-rate-limit": "^8.5.2", "ip-address": "^10.2.0" }, "devDependencies": { @@ -303,9 +303,9 @@ "license": "MIT" }, "node_modules/better-sqlite3": { - "version": "12.8.0", - "resolved": "https://registry.npmjs.org/better-sqlite3/-/better-sqlite3-12.8.0.tgz", - "integrity": "sha512-RxD2Vd96sQDjQr20kdP+F+dK/1OUNiVOl200vKBZY8u0vTwysfolF6Hq+3ZK2+h8My9YvZhHsF+RSGZW2VYrPQ==", + "version": "12.10.0", + "resolved": "https://registry.npmjs.org/better-sqlite3/-/better-sqlite3-12.10.0.tgz", + "integrity": "sha512-CyzaZRQKyHkB2ZInfTTl2nvT33EbDpjkLEbE8/Zck3Ll6O0qqvuGdrJ45HgtH+HykRg88ITY3AdreBGN70aBSQ==", "hasInstallScript": true, "license": "MIT", "dependencies": { @@ -313,7 +313,7 @@ "prebuild-install": "^7.1.1" }, "engines": { - "node": "20.x || 22.x || 23.x || 24.x || 25.x" + "node": "20.x || 22.x || 23.x || 24.x || 25.x || 26.x" } }, "node_modules/bindings": { @@ -459,9 +459,9 @@ "license": "MIT" }, "node_modules/cors": { - "version": "2.8.5", - "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz", - "integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==", + "version": "2.8.6", + "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.6.tgz", + "integrity": "sha512-tJtZBBHA6vjIAaF6EnIaq6laBBP9aq/Y3ouVJjEfoHbRBcHBAHYcMh/w8LDrk2PvIMMq8gmopa5D4V8RmbrxGw==", "license": "MIT", "dependencies": { "object-assign": "^4", @@ -469,6 +469,10 @@ }, "engines": { "node": ">= 0.10" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" } }, "node_modules/create-require": { @@ -688,9 +692,9 @@ } }, "node_modules/express-rate-limit": { - "version": "8.5.1", - "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.5.1.tgz", - "integrity": "sha512-5O6KYmyJEpuPJV5hNTXKbAHWRqrzyu+OI3vUnSd2kXFubIVpG7ezpgxQy76Zo5GQZtrQBg86hF+CM/NX+cioiQ==", + "version": "8.5.2", + "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.5.2.tgz", + "integrity": "sha512-5Kb34ipNX694DH48vN9irak1Qx30nb0PLYHXfJgw4YEjiC3ZEmZJhwOp+VfiCYwFzvFTdB9QkArYS5kXa2cx2A==", "license": "MIT", "dependencies": { "ip-address": "^10.2.0" diff --git a/antigravity-awesome-skills/plugins/antigravity-awesome-skills-claude/skills/loki-mode/examples/todo-app-generated/backend/package.json b/antigravity-awesome-skills/plugins/antigravity-awesome-skills-claude/skills/loki-mode/examples/todo-app-generated/backend/package.json index 65061daa..c9d4541f 100644 --- a/antigravity-awesome-skills/plugins/antigravity-awesome-skills-claude/skills/loki-mode/examples/todo-app-generated/backend/package.json +++ b/antigravity-awesome-skills/plugins/antigravity-awesome-skills-claude/skills/loki-mode/examples/todo-app-generated/backend/package.json @@ -9,10 +9,10 @@ "dev": "ts-node src/index.ts" }, "dependencies": { - "better-sqlite3": "^12.8.0", - "cors": "^2.8.5", + "better-sqlite3": "^12.10.0", + "cors": "^2.8.6", "express": "^4.18.2", - "express-rate-limit": "^8.5.1", + "express-rate-limit": "^8.5.2", "ip-address": "^10.2.0" }, "devDependencies": { diff --git a/antigravity-awesome-skills/plugins/antigravity-awesome-skills/.codex-plugin/plugin.json b/antigravity-awesome-skills/plugins/antigravity-awesome-skills/.codex-plugin/plugin.json index d244d507..cd1c921f 100644 --- a/antigravity-awesome-skills/plugins/antigravity-awesome-skills/.codex-plugin/plugin.json +++ b/antigravity-awesome-skills/plugins/antigravity-awesome-skills/.codex-plugin/plugin.json @@ -19,7 +19,7 @@ "skills": "./skills/", "interface": { "displayName": "Antigravity Awesome Skills", - "shortDescription": "1,621 plugin-safe skills for coding, security, product, and ops workflows.", + "shortDescription": "1,622 plugin-safe skills for coding, security, product, and ops workflows.", "longDescription": "Install a plugin-safe Codex distribution of Antigravity Awesome Skills. Skills that still need hardening or target-specific setup remain available in the repo but are excluded from this plugin.", "developerName": "sickn33 and contributors", "category": "Productivity", diff --git a/antigravity-awesome-skills/plugins/antigravity-awesome-skills/skills/infinity/SKILL.md b/antigravity-awesome-skills/plugins/antigravity-awesome-skills/skills/infinity/SKILL.md new file mode 100644 index 00000000..f1f583c4 --- /dev/null +++ b/antigravity-awesome-skills/plugins/antigravity-awesome-skills/skills/infinity/SKILL.md @@ -0,0 +1,173 @@ +--- +name: infinity +description: "Enforces a strict input boundary protocol (detect, classify, filter, verify) to ensure untrusted data never reaches business logic raw." +risk: safe +source: community +date_added: "2026-06-23" +--- + +# infinity — Input Boundary & Validation Protocol + +## Core Philosophy + +> Nothing untrusted ever reaches the core — it is stopped before contact. No external data touches the codebase raw. Every boundary where data enters the system must have a filter. + +The #1 source of silent bugs, crashes, and vulnerabilities is external data that arrives in an unexpected shape and gets used directly without checking. This skill enforces a filter layer at every entry point, every time. + +--- + +## When to Use This Skill + +- Use when you need to handle an API response +- Use when reading user input or adding a form handler +- Use when working with environment variables or CLI arguments +- Use when parsing webhooks or reading from the filesystem +- Use when any code calls `.body`, `.params`, `.query`, `.env`, `fs.read`, or a third-party SDK response + +--- + +## The Four Phases + +### PHASE 1 — Boundary Detection + +Before writing or modifying any code that involves external data, the AI must identify and list every entry point in scope: + +- HTTP request bodies, headers, query params +- User form inputs and UI-submitted data +- Environment variables and config files +- Third-party API responses +- Webhook payloads +- File reads from disk +- CLI arguments +- Database query results from external sources +- WebSocket messages + +> **The AI must not write any data-handling logic until every entry point in scope is listed.** + +--- + +### PHASE 2 — Classify Each Input + +For every entry point identified, the AI classifies it into one of three trust levels: + +| Level | Definition | Examples | +|---|---|---| +| `TRUSTED` | Internal constants, hardcoded values, your own compile-time config | Enum values, hardcoded defaults, internal constants | +| `SEMI-TRUSTED` | Your own internal services, internal APIs, controlled infrastructure | Internal microservice responses, your own database reads | +| `UNTRUSTED` | Anything from users, the internet, third parties, or the filesystem | User input, external API responses, uploaded files, env vars, CLI args | + +> **Rule:** `TRUSTED` inputs may be used directly. `SEMI-TRUSTED` and `UNTRUSTED` inputs must pass through a filter layer before any use. + +The AI outputs this classification before writing any handling code: + +``` +INFINITY — BOUNDARY MAP +───────────────────────────────────────── +Entry Point | Trust Level | Filter Required +───────────────────────────────────────── +req.body.email | UNTRUSTED | ✓ format + sanitize +process.env.API_KEY | UNTRUSTED | ✓ presence + non-empty +internalService.getData()| SEMI-TRUSTED | ✓ schema validate +PAGINATION_LIMIT = 20 | TRUSTED | ✗ none needed +───────────────────────────────────────── +``` + +--- + +### PHASE 3 — Mandatory Filter Layer + +Every `UNTRUSTED` and `SEMI-TRUSTED` input must pass through validation before it reaches any business logic, storage, or rendering. The AI must apply the right filter type for the right context: + +**Type Checking** +- Verify the input is the expected type before using it +- Never assume a string is a string, a number is a number, or an array is an array + +**Schema Validation** +- For objects and API responses, validate shape before accessing nested fields +- If a required field is missing, reject — do not use a fallback that hides the problem + +**Sanitization** +- Strip or escape content before rendering to UI (prevent XSS) +- Normalize strings before storage (trim whitespace, consistent casing where appropriate) + +**Presence & Format Checks** +- Env vars: must exist and be non-empty before use +- IDs and tokens: must match expected format before use + +**Rejection Rule** +- On invalid input: reject explicitly and return a clear error +- Never silently use bad data with a fallback +- Never let bad data pass through to fix itself "downstream" + +``` +// WRONG — using raw input directly +const user = await db.find(req.params.id); + +// RIGHT — validate before use +const id = req.params.id; +if (!id || typeof id !== 'string' || !isValidUUID(id)) { + return res.status(400).json({ error: 'Invalid ID format' }); +} +const user = await db.find(id); +``` + +--- + +### PHASE 4 — Self-Check Before Done + +Before the AI declares any data-handling code complete, it traces each entry point and confirms: + +``` +INFINITY — VERIFICATION +───────────────────────────────────────── +Entry Point | Filter Exists | Filter Type +───────────────────────────────────────── +req.body.email | ✓ YES | format + sanitize +process.env.API_KEY | ✓ YES | presence check +internalService.getData()| ✓ YES | schema validation +───────────────────────────────────────── +Unfiltered inputs reaching logic: NONE ✓ +───────────────────────────────────────── +``` + +If any `UNTRUSTED` or `SEMI-TRUSTED` input reaches logic, storage, or rendering without a filter — the AI flags it. It does not silently pass. + +--- + +## Hard Rules (Never Violated) + +- **No raw external data in business logic.** Ever. +- **No silent fallbacks on bad input.** Reject explicitly. +- **No assuming shape.** Even if the API "always" returns a string — validate it. +- **No skipping env var checks.** Missing env vars must fail loudly at startup, not silently at runtime. +- **No partial filtering.** If you validate presence but not format, it is not filtered. +- **No filtering in the wrong place.** Filters go at the entry point — not somewhere downstream after the data has already been used once. + +--- + +## What This Skill Prevents + +- SQL injection via unvalidated query params +- Crashes from unexpected API response shapes +- XSS from unescaped user content rendered to UI +- Silent failures from missing env variables discovered at runtime +- Type errors from assuming external data matches expected shape +- Security vulnerabilities from untrusted data reaching sensitive operations + +--- + +## Quick Reference + +| Phase | Action | Writes Code? | +|---|---|---| +| 1 — Detect | List all entry points in scope | ❌ No | +| 2 — Classify | Assign trust level to each input | ❌ No | +| 3 — Filter | Write filter layer for all UNTRUSTED + SEMI-TRUSTED | ✅ Yes | +| 4 — Verify | Trace each input, confirm filter exists | ❌ No | + +--- + +## Limitations + +- Does not apply to purely internal logic with no external data involvement. +- May add verbosity to trivial scripts where strict validation is not required. diff --git a/antigravity-awesome-skills/skills/infinity/SKILL.md b/antigravity-awesome-skills/skills/infinity/SKILL.md new file mode 100644 index 00000000..f1f583c4 --- /dev/null +++ b/antigravity-awesome-skills/skills/infinity/SKILL.md @@ -0,0 +1,173 @@ +--- +name: infinity +description: "Enforces a strict input boundary protocol (detect, classify, filter, verify) to ensure untrusted data never reaches business logic raw." +risk: safe +source: community +date_added: "2026-06-23" +--- + +# infinity — Input Boundary & Validation Protocol + +## Core Philosophy + +> Nothing untrusted ever reaches the core — it is stopped before contact. No external data touches the codebase raw. Every boundary where data enters the system must have a filter. + +The #1 source of silent bugs, crashes, and vulnerabilities is external data that arrives in an unexpected shape and gets used directly without checking. This skill enforces a filter layer at every entry point, every time. + +--- + +## When to Use This Skill + +- Use when you need to handle an API response +- Use when reading user input or adding a form handler +- Use when working with environment variables or CLI arguments +- Use when parsing webhooks or reading from the filesystem +- Use when any code calls `.body`, `.params`, `.query`, `.env`, `fs.read`, or a third-party SDK response + +--- + +## The Four Phases + +### PHASE 1 — Boundary Detection + +Before writing or modifying any code that involves external data, the AI must identify and list every entry point in scope: + +- HTTP request bodies, headers, query params +- User form inputs and UI-submitted data +- Environment variables and config files +- Third-party API responses +- Webhook payloads +- File reads from disk +- CLI arguments +- Database query results from external sources +- WebSocket messages + +> **The AI must not write any data-handling logic until every entry point in scope is listed.** + +--- + +### PHASE 2 — Classify Each Input + +For every entry point identified, the AI classifies it into one of three trust levels: + +| Level | Definition | Examples | +|---|---|---| +| `TRUSTED` | Internal constants, hardcoded values, your own compile-time config | Enum values, hardcoded defaults, internal constants | +| `SEMI-TRUSTED` | Your own internal services, internal APIs, controlled infrastructure | Internal microservice responses, your own database reads | +| `UNTRUSTED` | Anything from users, the internet, third parties, or the filesystem | User input, external API responses, uploaded files, env vars, CLI args | + +> **Rule:** `TRUSTED` inputs may be used directly. `SEMI-TRUSTED` and `UNTRUSTED` inputs must pass through a filter layer before any use. + +The AI outputs this classification before writing any handling code: + +``` +INFINITY — BOUNDARY MAP +───────────────────────────────────────── +Entry Point | Trust Level | Filter Required +───────────────────────────────────────── +req.body.email | UNTRUSTED | ✓ format + sanitize +process.env.API_KEY | UNTRUSTED | ✓ presence + non-empty +internalService.getData()| SEMI-TRUSTED | ✓ schema validate +PAGINATION_LIMIT = 20 | TRUSTED | ✗ none needed +───────────────────────────────────────── +``` + +--- + +### PHASE 3 — Mandatory Filter Layer + +Every `UNTRUSTED` and `SEMI-TRUSTED` input must pass through validation before it reaches any business logic, storage, or rendering. The AI must apply the right filter type for the right context: + +**Type Checking** +- Verify the input is the expected type before using it +- Never assume a string is a string, a number is a number, or an array is an array + +**Schema Validation** +- For objects and API responses, validate shape before accessing nested fields +- If a required field is missing, reject — do not use a fallback that hides the problem + +**Sanitization** +- Strip or escape content before rendering to UI (prevent XSS) +- Normalize strings before storage (trim whitespace, consistent casing where appropriate) + +**Presence & Format Checks** +- Env vars: must exist and be non-empty before use +- IDs and tokens: must match expected format before use + +**Rejection Rule** +- On invalid input: reject explicitly and return a clear error +- Never silently use bad data with a fallback +- Never let bad data pass through to fix itself "downstream" + +``` +// WRONG — using raw input directly +const user = await db.find(req.params.id); + +// RIGHT — validate before use +const id = req.params.id; +if (!id || typeof id !== 'string' || !isValidUUID(id)) { + return res.status(400).json({ error: 'Invalid ID format' }); +} +const user = await db.find(id); +``` + +--- + +### PHASE 4 — Self-Check Before Done + +Before the AI declares any data-handling code complete, it traces each entry point and confirms: + +``` +INFINITY — VERIFICATION +───────────────────────────────────────── +Entry Point | Filter Exists | Filter Type +───────────────────────────────────────── +req.body.email | ✓ YES | format + sanitize +process.env.API_KEY | ✓ YES | presence check +internalService.getData()| ✓ YES | schema validation +───────────────────────────────────────── +Unfiltered inputs reaching logic: NONE ✓ +───────────────────────────────────────── +``` + +If any `UNTRUSTED` or `SEMI-TRUSTED` input reaches logic, storage, or rendering without a filter — the AI flags it. It does not silently pass. + +--- + +## Hard Rules (Never Violated) + +- **No raw external data in business logic.** Ever. +- **No silent fallbacks on bad input.** Reject explicitly. +- **No assuming shape.** Even if the API "always" returns a string — validate it. +- **No skipping env var checks.** Missing env vars must fail loudly at startup, not silently at runtime. +- **No partial filtering.** If you validate presence but not format, it is not filtered. +- **No filtering in the wrong place.** Filters go at the entry point — not somewhere downstream after the data has already been used once. + +--- + +## What This Skill Prevents + +- SQL injection via unvalidated query params +- Crashes from unexpected API response shapes +- XSS from unescaped user content rendered to UI +- Silent failures from missing env variables discovered at runtime +- Type errors from assuming external data matches expected shape +- Security vulnerabilities from untrusted data reaching sensitive operations + +--- + +## Quick Reference + +| Phase | Action | Writes Code? | +|---|---|---| +| 1 — Detect | List all entry points in scope | ❌ No | +| 2 — Classify | Assign trust level to each input | ❌ No | +| 3 — Filter | Write filter layer for all UNTRUSTED + SEMI-TRUSTED | ✅ Yes | +| 4 — Verify | Trace each input, confirm filter exists | ❌ No | + +--- + +## Limitations + +- Does not apply to purely internal logic with no external data involvement. +- May add verbosity to trivial scripts where strict validation is not required. diff --git a/antigravity-awesome-skills/skills/loki-mode/examples/todo-app-generated/backend/package-lock.json b/antigravity-awesome-skills/skills/loki-mode/examples/todo-app-generated/backend/package-lock.json index f30453c0..7b368564 100644 --- a/antigravity-awesome-skills/skills/loki-mode/examples/todo-app-generated/backend/package-lock.json +++ b/antigravity-awesome-skills/skills/loki-mode/examples/todo-app-generated/backend/package-lock.json @@ -8,10 +8,10 @@ "name": "todo-app-backend", "version": "1.0.0", "dependencies": { - "better-sqlite3": "^12.8.0", - "cors": "^2.8.5", + "better-sqlite3": "^12.10.0", + "cors": "^2.8.6", "express": "^4.18.2", - "express-rate-limit": "^8.5.1", + "express-rate-limit": "^8.5.2", "ip-address": "^10.2.0" }, "devDependencies": { @@ -303,9 +303,9 @@ "license": "MIT" }, "node_modules/better-sqlite3": { - "version": "12.8.0", - "resolved": "https://registry.npmjs.org/better-sqlite3/-/better-sqlite3-12.8.0.tgz", - "integrity": "sha512-RxD2Vd96sQDjQr20kdP+F+dK/1OUNiVOl200vKBZY8u0vTwysfolF6Hq+3ZK2+h8My9YvZhHsF+RSGZW2VYrPQ==", + "version": "12.10.0", + "resolved": "https://registry.npmjs.org/better-sqlite3/-/better-sqlite3-12.10.0.tgz", + "integrity": "sha512-CyzaZRQKyHkB2ZInfTTl2nvT33EbDpjkLEbE8/Zck3Ll6O0qqvuGdrJ45HgtH+HykRg88ITY3AdreBGN70aBSQ==", "hasInstallScript": true, "license": "MIT", "dependencies": { @@ -313,7 +313,7 @@ "prebuild-install": "^7.1.1" }, "engines": { - "node": "20.x || 22.x || 23.x || 24.x || 25.x" + "node": "20.x || 22.x || 23.x || 24.x || 25.x || 26.x" } }, "node_modules/bindings": { @@ -459,9 +459,9 @@ "license": "MIT" }, "node_modules/cors": { - "version": "2.8.5", - "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz", - "integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==", + "version": "2.8.6", + "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.6.tgz", + "integrity": "sha512-tJtZBBHA6vjIAaF6EnIaq6laBBP9aq/Y3ouVJjEfoHbRBcHBAHYcMh/w8LDrk2PvIMMq8gmopa5D4V8RmbrxGw==", "license": "MIT", "dependencies": { "object-assign": "^4", @@ -469,6 +469,10 @@ }, "engines": { "node": ">= 0.10" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" } }, "node_modules/create-require": { @@ -688,9 +692,9 @@ } }, "node_modules/express-rate-limit": { - "version": "8.5.1", - "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.5.1.tgz", - "integrity": "sha512-5O6KYmyJEpuPJV5hNTXKbAHWRqrzyu+OI3vUnSd2kXFubIVpG7ezpgxQy76Zo5GQZtrQBg86hF+CM/NX+cioiQ==", + "version": "8.5.2", + "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.5.2.tgz", + "integrity": "sha512-5Kb34ipNX694DH48vN9irak1Qx30nb0PLYHXfJgw4YEjiC3ZEmZJhwOp+VfiCYwFzvFTdB9QkArYS5kXa2cx2A==", "license": "MIT", "dependencies": { "ip-address": "^10.2.0" diff --git a/antigravity-awesome-skills/skills/loki-mode/examples/todo-app-generated/backend/package.json b/antigravity-awesome-skills/skills/loki-mode/examples/todo-app-generated/backend/package.json index 65061daa..c9d4541f 100644 --- a/antigravity-awesome-skills/skills/loki-mode/examples/todo-app-generated/backend/package.json +++ b/antigravity-awesome-skills/skills/loki-mode/examples/todo-app-generated/backend/package.json @@ -9,10 +9,10 @@ "dev": "ts-node src/index.ts" }, "dependencies": { - "better-sqlite3": "^12.8.0", - "cors": "^2.8.5", + "better-sqlite3": "^12.10.0", + "cors": "^2.8.6", "express": "^4.18.2", - "express-rate-limit": "^8.5.1", + "express-rate-limit": "^8.5.2", "ip-address": "^10.2.0" }, "devDependencies": { diff --git a/antigravity-awesome-skills/skills_index.json b/antigravity-awesome-skills/skills_index.json index aa9ee16e..d01e1d37 100644 --- a/antigravity-awesome-skills/skills_index.json +++ b/antigravity-awesome-skills/skills_index.json @@ -18272,6 +18272,28 @@ "reasons": [] } }, + { + "id": "infinity", + "path": "skills/infinity", + "category": "uncategorized", + "name": "infinity", + "description": "Enforces a strict input boundary protocol (detect, classify, filter, verify) to ensure untrusted data never reaches business logic raw.", + "risk": "safe", + "source": "community", + "date_added": "2026-06-23", + "plugin": { + "targets": { + "codex": "supported", + "claude": "supported" + }, + "setup": { + "type": "none", + "summary": "", + "docs": null + }, + "reasons": [] + } + }, { "id": "ingest-youtube", "path": "skills/ingest-youtube", diff --git a/antigravity-awesome-skills/tools/scripts/tests/npm_package_contents.test.js b/antigravity-awesome-skills/tools/scripts/tests/npm_package_contents.test.js index 9441f13d..c752d55d 100644 --- a/antigravity-awesome-skills/tools/scripts/tests/npm_package_contents.test.js +++ b/antigravity-awesome-skills/tools/scripts/tests/npm_package_contents.test.js @@ -36,6 +36,6 @@ assert.ok( ); assert.strictEqual( packageJson.dependencies?.yaml, - "^2.8.2", + "^2.9.0", "published package must declare yaml as a runtime dependency for the installer", ); diff --git a/ui-ux-pro-max/.claude-plugin/marketplace.json b/ui-ux-pro-max/.claude-plugin/marketplace.json index 332198b3..56a56681 100644 --- a/ui-ux-pro-max/.claude-plugin/marketplace.json +++ b/ui-ux-pro-max/.claude-plugin/marketplace.json @@ -6,14 +6,14 @@ }, "metadata": { "description": "UI/UX design intelligence skill with 67 styles, 161 palettes, 57 font pairings, 25 charts, and 15 stack guidelines", - "version": "2.5.0" + "version": "2.6.2" }, "plugins": [ { "name": "ui-ux-pro-max", "source": "./", "description": "Professional UI/UX design intelligence for AI coding assistants. Includes searchable databases of styles, colors, typography, charts, and UX guidelines for React, Next.js, Astro, Vue, Nuxt.js, Nuxt UI, Svelte, SwiftUI, React Native, Flutter, Tailwind, shadcn/ui, and Jetpack Compose.", - "version": "2.5.0", + "version": "2.6.2", "author": { "name": "nextlevelbuilder" }, diff --git a/ui-ux-pro-max/.claude-plugin/plugin.json b/ui-ux-pro-max/.claude-plugin/plugin.json index 30f37fb4..06145441 100755 --- a/ui-ux-pro-max/.claude-plugin/plugin.json +++ b/ui-ux-pro-max/.claude-plugin/plugin.json @@ -1,7 +1,7 @@ { "name": "ui-ux-pro-max", "description": "UI/UX design intelligence. 67 styles, 161 palettes, 57 font pairings, 25 charts, 15 stacks (React, Next.js, Vue, Svelte, Astro, SwiftUI, React Native, Flutter, Tailwind, shadcn/ui, Nuxt, Jetpack Compose). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient.", - "version": "2.5.0", + "version": "2.6.2", "author": { "name": "nextlevelbuilder" }, diff --git a/ui-ux-pro-max/SOURCE.md b/ui-ux-pro-max/SOURCE.md index fb92b644..2aa07f61 100644 --- a/ui-ux-pro-max/SOURCE.md +++ b/ui-ux-pro-max/SOURCE.md @@ -1,8 +1,8 @@ # Source - Repo: https://github.com/nextlevelbuilder/ui-ux-pro-max-skill -- Ref: 1518fec29d19ce905cd0c689255137b9dcab7ccc +- Ref: a13b2a02fd58d8ad325fefd9d146f62708be8456 - Remove-Paths: -- Snapshot: 2026-06-23 +- Snapshot: 2026-06-24 - Sync-Mode: render_skill - Notes: vendored into playbook branch thirdparty/skill diff --git a/ui-ux-pro-max/skill.json b/ui-ux-pro-max/skill.json index 9cdb76c7..380e5873 100644 --- a/ui-ux-pro-max/skill.json +++ b/ui-ux-pro-max/skill.json @@ -2,7 +2,7 @@ "name": "ui-ux-pro-max", "displayName": "UI/UX Pro Max", "description": "AI-powered design intelligence with 67 UI styles, 161 color palettes, 57 font pairings, 99 UX guidelines, and 25 chart types across 15+ tech stacks.", - "version": "2.5.0", + "version": "2.6.2", "author": "NextLevelBuilder", "license": "MIT", "homepage": "https://uupm.cc",