Skip to content

v1.1.0 — evaluation follow-ups

Choose a tag to compare

@bjgreenberg bjgreenberg released this 29 Jun 13:15
v1.1.0
c4f621d

A round of fixes and additions from a full skill self-evaluation.

Privacy & authoring correctness

  • Two-tier leakage-guard: generic class-patterns ship publicly; literal identifiers live in an un-committed references/leakage-denylist.local (from a .template) — the public repo no longer publishes fingerprints to block them.
  • Frontmatter description trimmed to ≤1024 chars (Anthropic's limit).

Security-framework naming (the controls already existed; now they're mapped)

  • OWASP LLM Top 10 (2025) in secure-data-processing.md; OWASP API Security Top 10 (2023) — API1 BOLA ≠ web A01 — in threat-modeling-and-api-design.md.

New references

  • google-apps-script.md (+ a guarding eval) and javascript-and-typescript.md close the two headline-language gaps.

Disciplines added

  • Profile-before-you-optimize; legacy-refactor + tech-debt register; systems-theory naming (feedback loops, Senge archetypes, iceberg/Cynefin, Conway's Law, Safety-II); PCI-DSS / NIST AI RMF / ISO 42001 / i18n one-liners.

Repo/community

  • README "What it governs" coverage section; MAINTAINERS.md; CODEOWNERS prepared for a second maintainer.

See the full changelog in SKILL.md.