v1.1.0 — evaluation follow-ups
A round of fixes and additions from a full skill self-evaluation.
Privacy & authoring correctness
- Two-tier `leakage-guard`: generic class-patterns ship publicly; literal identifiers live in an un-committed `references/leakage-denylist.local` (from a `.template`) — the public repo no longer publishes fingerprints to block them.
- Frontmatter `description` trimmed to ≤1024 chars (Anthropic's limit).
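A sketch of the two-tier guard described above, added here as an example and not the skill's own code. The regexes, the one-literal-per-line denylist format, and the function names are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Tier 1 (public, committed): generic class-patterns. These two regexes are
# constructed for this example; they are not the project's shipped patterns.
CLASS_PATTERNS = {
    "email-address": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}

def load_local_denylist(path):
    """Tier 2 (un-committed): assumed format is one literal per line, '#' for
    comments. A missing file (fresh clone, CI) gives an empty list, not an error."""
    p = Path(path)
    if not p.is_file():
        return []
    lines = (s.strip() for s in p.read_text(encoding="utf-8").splitlines())
    return [s for s in lines if s and not s.startswith("#")]

def scan(text, literals):
    """Return (line_number, tier, label) findings. Tier-2 findings name only the
    entry index, so the report never repeats the literal it is guarding."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for label, rx in CLASS_PATTERNS.items():
            if rx.search(line):
                findings.append((lineno, "class", label))
        folded = line.casefold()
        for idx, literal in enumerate(literals, 1):
            if literal.casefold() in folded:
                findings.append((lineno, "local", f"denylist-entry-{idx}"))
    return findings

def demo():
    """Scan a constructed draft with and without the local tier present."""
    draft = "Contact ops@example.com\nNotes from project bluebird kickoff\nNothing here\n"
    with tempfile.TemporaryDirectory() as d:
        local = Path(d) / "leakage-denylist.local"
        local.write_text("# constructed sample entry\nProject Bluebird\n", encoding="utf-8")
        with_local = scan(draft, load_local_denylist(local))
        without_local = scan(draft, load_local_denylist(Path(d) / "absent.local"))
    return with_local, without_local

if __name__ == "__main__":
    for result in demo():
        print(result)
```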
Security-framework naming (the controls already existed; now they're mapped)
- OWASP LLM Top 10 (2025) in `secure-data-processing.md`; OWASP API Security Top 10 (2023) — API1 BOLA ≠ web A01 — in `threat-modeling-and-api-design.md`.
New references
- `google-apps-script.md` (+ a guarding eval) and `javascript-and-typescript.md` close the two headline-language gaps.
Disciplines added
- Profile-before-you-optimize; legacy-refactor + tech-debt register; systems-theory naming (feedback loops, Senge archetypes, iceberg/Cynefin, Conway's Law, Safety-II); PCI-DSS / NIST AI RMF / ISO 42001 / i18n one-liners.
Repo/community
- README "What it governs" coverage section; `MAINTAINERS.md`; CODEOWNERS prepared for a second maintainer.
See the full changelog in SKILL.md.