Bump to v19.0.0 (Security Auditor, Personas & Catalog) (#36)
- package.json -> 19.0.0 - README badge + "What's New in v19.0.0" (v18 collapsed), latest-release line - CHANGELOG: promote [Unreleased] -> [19.0.0] with compare links - SECURITY.md supported-versions table Ships the security auditor, personas, orchestration guide, docs catalog, and roadmap to npm on publish. Claude-Session: https://claude.ai/code/session_016JWn5jRD5tcEFKrubjQ6Px Co-authored-by: Claude <noreply@anthropic.com>
This commit is contained in:
+6
-1
@@ -9,6 +9,10 @@ each new wave of skills bumps the **major** version, extensions and fixes bump
|
||||
|
||||
## [Unreleased]
|
||||
|
||||
_Nothing yet._
|
||||
|
||||
## [19.0.0] — Security Auditor, Personas & Catalog — 2026-06-18
|
||||
|
||||
### Added
|
||||
- **Skill Security Auditor** — `scripts/skill-audit.mjs` scans installable content
|
||||
(`skills/*/SKILL.md` + each skill's `scripts/`) for prompt injection, data
|
||||
@@ -195,7 +199,8 @@ Earlier releases (v1.0.0 – v5.0.0) predate this changelog. See the
|
||||
[article series](README.md#-the-article-series) for the full history of how the
|
||||
library grew from the first PM toolkit to 100+ skills.
|
||||
|
||||
[Unreleased]: https://github.com/mohitagw15856/pm-claude-skills/compare/v18.0.0...HEAD
|
||||
[Unreleased]: https://github.com/mohitagw15856/pm-claude-skills/compare/v19.0.0...HEAD
|
||||
[19.0.0]: https://github.com/mohitagw15856/pm-claude-skills/compare/v18.0.0...v19.0.0
|
||||
[18.0.0]: https://github.com/mohitagw15856/pm-claude-skills/compare/v17.0.0...v18.0.0
|
||||
[17.0.0]: https://github.com/mohitagw15856/pm-claude-skills/compare/v16.0.0...v17.0.0
|
||||
[16.0.0]: https://github.com/mohitagw15856/pm-claude-skills/compare/v15.0.0...v16.0.0
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
[](#-works-with--cross-tool-compatibility)
|
||||
[](.github/workflows/skillcheck.yml)
|
||||
[](.github/workflows/skill-audit.yml)
|
||||
[](https://github.com/mohitagw15856/pm-claude-skills/releases)
|
||||
[](https://github.com/mohitagw15856/pm-claude-skills/releases)
|
||||
[](https://github.com/mohitagw15856/pm-claude-skills#-quick-install-2-minutes)
|
||||
[](LICENSE)
|
||||
[](https://github.com/sponsors/mohitagw15856)
|
||||
@@ -22,7 +22,7 @@
|
||||
|
||||
A community-built library of professional skills for every field — product management, engineering, customer success, marketing, social media, writers, design, legal, finance, HR, sales, operations, research, and more. Each skill is a structured `SKILL.md` file that teaches an AI assistant how to produce professional-grade outputs for your workflows. Skills run natively in **Claude Code** and **Hermes Agent** (same open `SKILL.md` standard), and ship as ready-to-paste exports for **ChatGPT** and **Gemini** — see [Works With](#-works-with--cross-tool-compatibility).
|
||||
|
||||
**🆕 Latest release (v18.0.0 — Windsurf, Aider & an MCP Server):** two more install targets (Windsurf, Aider — now 5 export platforms across 7 tools) and a zero-dependency **MCP server** (`npx pm-claude-skills-mcp`) so MCP clients search and pull skills on demand. See the [changelog](#-changelog).
|
||||
**🆕 Latest release (v19.0.0 — Security Auditor, Personas & Catalog):** a CI **Skill Security Auditor** that flags prompt-injection / unsafe code in any skill, **4 personas** (output-styles), an [orchestration guide](ORCHESTRATION.md), a server-rendered **skill catalog**, and a public [roadmap](ROADMAP.md). See the [changelog](#-changelog).
|
||||
|
||||
<!-- DEMO: replace web/docs-assets/playground.png below with web/docs-assets/playground-demo.gif
|
||||
once recorded (see web/docs-assets/README.md for how). The link goes to the live app. -->
|
||||
@@ -379,14 +379,24 @@ More templates will follow. If you want to contribute one, see the [template con
|
||||
|
||||
The highlights are below. For the structured, [Keep a Changelog](https://keepachangelog.com/)-format history, see **[CHANGELOG.md](CHANGELOG.md)**.
|
||||
|
||||
### 🆕 What's New in v18.0.0 — Windsurf, Aider & an MCP Server
|
||||
### 🆕 What's New in v19.0.0 — Security Auditor, Personas & Catalog
|
||||
|
||||
The library reaches more tools and adds a new content type:
|
||||
Trust, more content types, and discoverability:
|
||||
|
||||
- **Two more install targets** — **Windsurf** (`.windsurf/rules/*.md`) and **Aider** (`aider --read`). The library now exports to **5 platforms** (ChatGPT, Gemini, Cursor, Windsurf, Aider) and installs into **7 tools**.
|
||||
- **MCP server** (`npx pm-claude-skills-mcp`) — a zero-dependency Model Context Protocol server so MCP clients (Claude Desktop, Cline) **search and pull skills on demand** via `list_skills` / `search_skills` / `get_skill`. See [`mcp/`](mcp/).
|
||||
- **Automated npm publishing** — a GitHub Actions workflow ships the package on every release.
|
||||
- **Hero demo placement** in the README, ready for a Playground GIF.
|
||||
- **Skill Security Auditor** — `scripts/skill-audit.mjs` scans every skill (and its scripts) for prompt injection, data exfiltration, unsafe code, secrets, and hidden text; **HIGH findings fail CI**. New `security audit` badge + a `skill-security-auditor` skill.
|
||||
- **Personas** — 4 Claude Code output-styles (Startup CTO, Growth Marketer, Solo Founder, Product Leader) in [`output-styles/`](output-styles/).
|
||||
- **Orchestration guide** ([`ORCHESTRATION.md`](ORCHESTRATION.md)) — Skill Chain, Multi-Agent Handoff, Domain Deep-Dive, Solo Sprint.
|
||||
- **Static skill catalog** — a server-rendered, SEO-indexable catalog of every skill (linked from the README + Playground).
|
||||
- **Public roadmap** ([`ROADMAP.md`](ROADMAP.md)) with now/next/later + good first issues.
|
||||
|
||||
<details>
|
||||
<summary><strong>v18.0.0 — Windsurf, Aider & an MCP Server</strong> (click to expand)</summary>
|
||||
|
||||
- **Two more install targets** — **Windsurf** and **Aider** (now 5 export platforms / 7 tools).
|
||||
- **MCP server** (`npx pm-claude-skills-mcp`) — search & pull skills on demand from MCP clients.
|
||||
- **Automated npm publishing** workflow; README hero demo placement.
|
||||
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary><strong>v17.0.0 — Agents, Commands & the npx CLI</strong> (click to expand)</summary>
|
||||
|
||||
+3
-3
@@ -10,9 +10,9 @@ That said, security matters here in two specific ways: **skill file safety** and
|
||||
|
||||
| Version | Supported |
|
||||
|---|---|
|
||||
| v18.x (latest) | ✅ Active |
|
||||
| v16.x – v17.x | ✅ Security fixes only |
|
||||
| < v16.0.0 | ❌ No longer supported |
|
||||
| v19.x (latest) | ✅ Active |
|
||||
| v17.x – v18.x | ✅ Security fixes only |
|
||||
| < v17.0.0 | ❌ No longer supported |
|
||||
|
||||
Because skills are plain markdown, "support" means we review and correct any reported
|
||||
safety issue (prompt injection, unsafe instructions) in the listed versions.
|
||||
|
||||
+1
-1
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "pm-claude-skills",
|
||||
"version": "18.0.0",
|
||||
"version": "19.0.0",
|
||||
"type": "module",
|
||||
"description": "167 professional Agent Skills (SKILL.md) + subagents + slash commands for Claude, ChatGPT, Gemini, Cursor, Codex & Hermes. Install into any AI coding tool with: npx pm-claude-skills add --agent <tool>.",
|
||||
"keywords": [
|
||||
|
||||
Reference in New Issue
Block a user