v0.1.109

What's new

• Hardens the composite GitHub Action by passing user-controlled inputs through step env variables before using them in bash commands.
• Adds regression coverage that fails if risky Action inputs are interpolated directly into shell scripts.
• Clarifies the repo policy: default CLI analysis remains offline; explicit GitHub-facing commands may use the GitHub API.
• Adds bug report and feature request issue templates plus a pull request template to improve contributor intake and public maintainer signal.
• Updates Action examples, use-case docs, llms.txt, and OpenAI OSS brief evidence to v0.1.109.

Verification

• npm run check passed with 111 tests.
• git diff --check passed.
• npm audit --omit=dev found 0 vulnerabilities.
• npm pack --dry-run --json produced trace-to-skill@0.1.109 without compiled tests.
• CI: https://github.com/grnbtqdbyx-create/trace-to-skill/actions/runs/26759945963
• Codex Readiness: https://github.com/grnbtqdbyx-create/trace-to-skill/actions/runs/26759945583