diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4b75397..cc0c4e5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,10 @@ each new wave of skills bumps the **major** version, extensions and fixes bump
## [Unreleased]
+_Nothing yet._
+
+## [19.0.0] — Security Auditor, Personas & Catalog — 2026-06-18
+
### Added
- **Skill Security Auditor** — `scripts/skill-audit.mjs` scans installable content
(`skills/*/SKILL.md` + each skill's `scripts/`) for prompt injection, data
@@ -195,7 +199,8 @@ Earlier releases (v1.0.0 – v5.0.0) predate this changelog. See the
[article series](README.md#-the-article-series) for the full history of how the
library grew from the first PM toolkit to 100+ skills.
-[Unreleased]: https://github.com/mohitagw15856/pm-claude-skills/compare/v18.0.0...HEAD
+[Unreleased]: https://github.com/mohitagw15856/pm-claude-skills/compare/v19.0.0...HEAD
+[19.0.0]: https://github.com/mohitagw15856/pm-claude-skills/compare/v18.0.0...v19.0.0
[18.0.0]: https://github.com/mohitagw15856/pm-claude-skills/compare/v17.0.0...v18.0.0
[17.0.0]: https://github.com/mohitagw15856/pm-claude-skills/compare/v16.0.0...v17.0.0
[16.0.0]: https://github.com/mohitagw15856/pm-claude-skills/compare/v15.0.0...v16.0.0
diff --git a/README.md b/README.md
index 12a62ce..5b4398c 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@
[](#-works-with--cross-tool-compatibility)
[](.github/workflows/skillcheck.yml)
[](.github/workflows/skill-audit.yml)
-[](https://github.com/mohitagw15856/pm-claude-skills/releases)
+[](https://github.com/mohitagw15856/pm-claude-skills/releases)
[](https://github.com/mohitagw15856/pm-claude-skills#-quick-install-2-minutes)
[](LICENSE)
[](https://github.com/sponsors/mohitagw15856)
@@ -22,7 +22,7 @@
A community-built library of professional skills for every field — product management, engineering, customer success, marketing, social media, writers, design, legal, finance, HR, sales, operations, research, and more. Each skill is a structured `SKILL.md` file that teaches an AI assistant how to produce professional-grade outputs for your workflows. Skills run natively in **Claude Code** and **Hermes Agent** (same open `SKILL.md` standard), and ship as ready-to-paste exports for **ChatGPT** and **Gemini** — see [Works With](#-works-with--cross-tool-compatibility).
-**🆕 Latest release (v18.0.0 — Windsurf, Aider & an MCP Server):** two more install targets (Windsurf, Aider — now 5 export platforms across 7 tools) and a zero-dependency **MCP server** (`npx pm-claude-skills-mcp`) so MCP clients search and pull skills on demand. See the [changelog](#-changelog).
+**🆕 Latest release (v19.0.0 — Security Auditor, Personas & Catalog):** a CI **Skill Security Auditor** that flags prompt-injection / unsafe code in any skill, **4 personas** (output-styles), an [orchestration guide](ORCHESTRATION.md), a server-rendered **skill catalog**, and a public [roadmap](ROADMAP.md). See the [changelog](#-changelog).
@@ -379,14 +379,24 @@ More templates will follow. If you want to contribute one, see the [template con
The highlights are below. For the structured, [Keep a Changelog](https://keepachangelog.com/)-format history, see **[CHANGELOG.md](CHANGELOG.md)**.
-### 🆕 What's New in v18.0.0 — Windsurf, Aider & an MCP Server
+### 🆕 What's New in v19.0.0 — Security Auditor, Personas & Catalog
-The library reaches more tools and adds a new content type:
+Trust, more content types, and discoverability:
-- **Two more install targets** — **Windsurf** (`.windsurf/rules/*.md`) and **Aider** (`aider --read`). The library now exports to **5 platforms** (ChatGPT, Gemini, Cursor, Windsurf, Aider) and installs into **7 tools**.
-- **MCP server** (`npx pm-claude-skills-mcp`) — a zero-dependency Model Context Protocol server so MCP clients (Claude Desktop, Cline) **search and pull skills on demand** via `list_skills` / `search_skills` / `get_skill`. See [`mcp/`](mcp/).
-- **Automated npm publishing** — a GitHub Actions workflow ships the package on every release.
-- **Hero demo placement** in the README, ready for a Playground GIF.
+- **Skill Security Auditor** — `scripts/skill-audit.mjs` scans every skill (and its scripts) for prompt injection, data exfiltration, unsafe code, secrets, and hidden text; **HIGH findings fail CI**. New `security audit` badge + a `skill-security-auditor` skill.
+- **Personas** — 4 Claude Code output-styles (Startup CTO, Growth Marketer, Solo Founder, Product Leader) in [`output-styles/`](output-styles/).
+- **Orchestration guide** ([`ORCHESTRATION.md`](ORCHESTRATION.md)) — Skill Chain, Multi-Agent Handoff, Domain Deep-Dive, Solo Sprint.
+- **Static skill catalog** — a server-rendered, SEO-indexable catalog of every skill (linked from the README + Playground).
+- **Public roadmap** ([`ROADMAP.md`](ROADMAP.md)) with now/next/later + good first issues.
+
+
+v18.0.0 — Windsurf, Aider & an MCP Server (click to expand)
+
+- **Two more install targets** — **Windsurf** and **Aider** (now 5 export platforms / 7 tools).
+- **MCP server** (`npx pm-claude-skills-mcp`) — search & pull skills on demand from MCP clients.
+- **Automated npm publishing** workflow; README hero demo placement.
+
+
v17.0.0 — Agents, Commands & the npx CLI (click to expand)
diff --git a/SECURITY.md b/SECURITY.md
index 8cc8bfb..b094be7 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -10,9 +10,9 @@ That said, security matters here in two specific ways: **skill file safety** and
| Version | Supported |
|---|---|
-| v18.x (latest) | ✅ Active |
-| v16.x – v17.x | ✅ Security fixes only |
-| < v16.0.0 | ❌ No longer supported |
+| v19.x (latest) | ✅ Active |
+| v17.x – v18.x | ✅ Security fixes only |
+| < v17.0.0 | ❌ No longer supported |
Because skills are plain markdown, "support" means we review and correct any reported
safety issue (prompt injection, unsafe instructions) in the listed versions.
diff --git a/package.json b/package.json
index fa7c602..59f5321 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "pm-claude-skills",
- "version": "18.0.0",
+ "version": "19.0.0",
"type": "module",
"description": "167 professional Agent Skills (SKILL.md) + subagents + slash commands for Claude, ChatGPT, Gemini, Cursor, Codex & Hermes. Install into any AI coding tool with: npx pm-claude-skills add --agent .",
"keywords": [