chore(deps): update dependency sickn33/antigravity-awesome-skills to v11

[gw0-bot]

This PR contains the following updates:

Package	Update	Change
sickn33/antigravity-awesome-skills	major	10.8.0 → 11.5.0

---

Release Notes

sickn33/antigravity-awesome-skills (sickn33/antigravity-awesome-skills)

v11.5.0: "Security Boundary Hardening and New Agent Skills"

Compare Source

[11.5.0] - 2026-05-21 - "Security Boundary Hardening and New Agent Skills"

Installable skill library update for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and related AI coding assistants.

This release hardens plugin-safe distribution boundaries, resolves the current Dependabot ws alert in the web app lockfile, and merges PR #​604 and PR #​605 through the maintainer workflow.

New Skills

• subagent-orchestrator - quota-aware parallel subagent coordination for large, multi-file Antigravity tasks.
• bilig-workpaper - formula-backed WorkPaper JSON and MCP guidance for deterministic spreadsheet-style agent workflows.

Security

• plugin-safe boundary hardening - blocks critical-risk or third-party setup-sensitive community skills from the generated Codex and Claude plugin-safe distributions.
• ingest-youtube input hardening - validates single-video YouTube URLs, terminates yt-dlp options with --, ignores user config, adds subprocess timeouts, and neutralizes untrusted metadata in generated markdown.
• web app dependency fixes - updates ws to the patched 8.20.1 range and refreshes vulnerable transitive audit entries in apps/web-app/package-lock.json.

Improvements

• generated artifact sync - refreshes compatibility data, skill indexes, plugin mirrors, docs, and visible skill counts to 1,464+.
• subagent-orchestrator metadata - normalizes PR #​604 metadata so the skill passes repository validation.

Who should care

• Plugin users get a safer marketplace-style distribution that excludes setup-sensitive critical workflows from safe plugin bundles.
• Vault users get safer YouTube transcript ingestion with stricter URL and markdown handling.
• Agent workflow builders get two new community skills for parallel agent coordination and formula-backed workbook automation.

Credits

• @​sulavmgr456-byte for PR #​604 (subagent-orchestrator).
• @​gregkonush for PR #​605 (bilig-workpaper).

v11.4.1

Compare Source

[11.4.1] - 2026-05-20 - "Installer Supply-Chain Hardening"

Patch release for the npm installer used by Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and related AI coding assistants.

This release hardens the npm installer after reviewing Socket.dev's AI-detected code-anomaly warning for tools/bin/install.js.

Improvements

• release-pinned installs - default npx antigravity-awesome-skills installs now clone the matching package release tag instead of the repository tip, reducing drift between npm package contents and installed skills.
• git ref validation - --tag and --version refs are validated before invoking git clone, while still allowing explicit branch installs such as --tag main.
• destination symlink guard - installer copy operations now refuse to write through pre-existing destination symlinks.
• installer docs and regression coverage - documents the release-pinned default and adds installer tests for release-tag resolution and unsafe ref rejection.

Who should care

• npm users get installer behavior that is pinned to the published package version by default.
• security scanners and maintainers get a narrower supply-chain surface for the installer path Socket flagged.

v11.4.0: "Mercury MCP, Photopea Embeds, and Codex Bundle Names"

Compare Source

[11.4.0] - 2026-05-20 - "Mercury MCP, Photopea Embeds, and Codex Bundle Names"

Installable skill library update for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and related AI coding assistants.

Start here:

• Install: npx antigravity-awesome-skills
• Choose your tool: README -> Choose Your Tool
• Best skills by tool: README -> Best Skills By Tool
• Bundles: docs/users/bundles.md
• Workflows: docs/users/workflows.md

This release merges PR #​598 and PR #​601 through the maintainer workflow, fixes issue #​597 by shortening Codex bundle plugin identifiers, and reduces antivirus false-positive risk in the Linux privilege-escalation guidance from issue #​600.

New Skills

• mercury-mcp - lookup reference for Mercury MCP tools covering messages, threads, tasks, automations, agent context, and admin-scoped team graph tools.
• photopea-embedded-editor - web-app integration guide for embedding Photopea with photopea.js, file loading, scripting, exports, layers, text, selections, and template editing patterns.

Improvements

• Codex bundle names - generated Codex bundle plugins now use compact agyb-* names while preserving existing repo-local source directories, keeping qualified skill names within the 64-character loader limit.
• bundle regression tests - adds coverage that every generated Codex bundle plugin name and plugin:skill qualified name stays within the 64-character limit.
• security skill false-positive reduction - replaces a pipe-to-shell LinPEAS example with download, inspect, chmod, and explicit execution steps for authorized labs.
• generated artifact sync - refreshes catalog, skill index, plugin mirrors, web assets, contributor credits, package metadata, and visible skill counts to 1,462+.

Who should care

• Codex CLI users can enable editorial bundles without losing valid skills to long qualified plugin names.
• MCP users get a compact Mercury tool reference for agent messaging, task tracking, and automations.
• Web app builders get a practical Photopea embedding guide for browser-based image editing workflows.
• Security learners and maintainers get safer documentation patterns that are less likely to trigger local antivirus heuristics.

Credits

• @​boeto for issue #​597 and the concrete Codex bundle-name reproduction.
• @​WagnerFFreitas for issue #​600 and the Norton false-positive report.
• @​Karthikeya-Meesala for PR #​598 (mercury-mcp).
• @​bulkmockupsfiller-ai and @​abdul-karim-mia for PR #​601 (photopea-embedded-editor).

v11.3.0: "Discovery Manifests and Recommendation Pipelines"

Compare Source

[11.3.0] - 2026-05-16 - "Discovery Manifests and Recommendation Pipelines"

Installable skill library update for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and related AI coding assistants.

Start here:

• Install: npx antigravity-awesome-skills
• Choose your tool: README -> Choose Your Tool
• Best skills by tool: README -> Best Skills By Tool
• Bundles: docs/users/bundles.md
• Workflows: docs/users/workflows.md

This release closes issue #​596 with a stable discovery-manifest contract and merges PR #​595 through the maintainer squash-merge workflow. It keeps contributor PRs source-only while making main the canonical owner of generated manifests, web assets, and release metadata.

New Skills

• recsys-pipeline-architect - recommendation, ranking, and feed pipeline design using a Source -> Hydrator -> Filter -> Scorer -> Selector -> SideEffect architecture.

Improvements

• stable discovery manifest - keeps root skills_index.json as the canonical public manifest, mirrors it exactly to data/skills_index.json, and documents lazy-loading usage for downstream tools.
• manifest schema and docs - adds schemas/skills-index.v1.schema.json plus user and integration docs that distinguish the canonical root manifest from the compatibility mirror.
• CI-safe drift checks - extends consistency auditing and PR artifact previews so root/data/web-backup manifest drift is visible and enforced on main.
• generated artifact sync - refreshes catalog, skill index, plugin mirrors, web assets, contributor credits, package metadata, and visible skill counts to 1,460+.

Who should care

• Tool builders and indexers get a stable manifest contract they can validate and consume without loading every skill up front.
• Users with large installs get clearer guidance for filtering by category, risk, source, and description before lazy-loading individual skills.
• Recommendation-system builders get a focused skill for designing composable feed and ranking pipelines across TypeScript, Go, Python, and adjacent stacks.
• Maintainers get a source-only PR path with canonical generated artifacts refreshed on main before release.

Credits

• @​latentloop07 for issue #​596 and the discovery/installability prompt.
• @​mturac for PR #​595 (recsys-pipeline-architect).

v11.2.0: "Market Intelligence, Token Routing, and Chinese Growth Skills"

Compare Source

[11.2.0] - 2026-05-13 - "Market Intelligence, Token Routing, and Chinese Growth Skills"

Installable skill library update for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and related AI coding assistants.

Start here:

• Install: npx antigravity-awesome-skills
• Choose your tool: README -> Choose Your Tool
• Best skills by tool: README -> Best Skills By Tool
• Bundles: docs/users/bundles.md
• Workflows: docs/users/workflows.md

This release merges PRs #​587, #​588, #​589, #​590, and #​591 through the maintainer workflow. It adds measurement-driven model routing, Chinese market strategy skills, MCP tool-building guidance, options-flow analysis, RSS news sentiment briefings, and a refreshed Hermes Tweet path for the X/Twitter scraper.

New Skills

• tokenwise - measurement-driven Claude Code model routing with local cost logs, A/B validation, and guarded Haiku/Sonnet/Opus task routing.
• mcp-tool-developer - end-to-end MCP server and tool development guidance across schema design, TypeScript/Python implementation, testing, deployment, and registry publishing.
• wechat-official-account-strategist - WeChat Official Account content strategy, publishing cadence, topic planning, and growth guidance.
• xiaohongshu-content-strategist - Xiaohongshu content planning, SEO-style discovery, visual hooks, and China-market creator workflows.
• options-flow-analyzer - real-versus-lottery options flow analysis that filters deep OTM noise from raw put/call ratios.
• news-sentiment-engine - multi-source RSS news aggregation and Claude-powered sentiment briefing workflow.

Improvements

• x-twitter-scraper refresh - documents the Hermes Tweet plugin path alongside the existing X/Twitter scraping guidance.
• overlap cleanup - resolves the duplicate options-flow-analyzer PR overlap by keeping the richer release-ready metadata, usage, and limitations coverage.
• generated artifact sync - refreshes catalog, skill index, plugin mirrors, web assets, package metadata, and visible skill counts to 1,459+.

Who should care

• Claude Code users get a practical cost-routing skill for measuring and reducing model spend.
• Market and research users get options-flow filtering plus structured news sentiment briefings.
• China-market operators get platform-specific WeChat and Xiaohongshu strategy workflows.
• MCP builders get a focused skill for designing, testing, and shipping tool servers.
• Maintainers get a cleaned-up five-PR batch with synced contributors, generated assets, and release validation.

Credits

• @​memurcie for PR #​587 (tokenwise).
• @​kriptoburak for PR #​588 (x-twitter-scraper Hermes Tweet path).
• @​demo112 for PR #​589 (mcp-tool-developer, wechat-official-account-strategist, xiaohongshu-content-strategist).
• @​tellmefrankie for PRs #​590 and #​591 (options-flow-analyzer, news-sentiment-engine).

v11.1.0: "Trace Audits, YouTube Ingest, and Reasoning Harnesses"

Compare Source

[11.1.0] - 2026-05-11 - "Trace Audits, YouTube Ingest, and Reasoning Harnesses"

Installable skill library update for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and related AI coding assistants.

Start here:

• Install: npx antigravity-awesome-skills
• Choose your tool: README -> Choose Your Tool
• Best skills by tool: README -> Best Skills By Tool
• Bundles: docs/users/bundles.md
• Workflows: docs/users/workflows.md

This release merges PRs #​582, #​583, #​584, and #​586 through the maintainer squash-merge workflow, including fork-run approval, PR body normalization, source-credit fixes, branch conflict refreshes, and generated-state syncs on main. It refreshes the X/Twitter scraper skill, adds local session auditing with agenttrace, adds single-video YouTube transcript ingestion, and adds an Ejentum MCP reasoning-harness workflow.

New Skills

• agenttrace-session-audit - local AI coding-agent session audits for token and cost spikes, tool failures, retry loops, latency gaps, anomalies, health scores, and session diffs.
• ingest-youtube - YouTube video transcript ingestion into markdown vaults with yt-dlp metadata, VTT cleanup, idempotent vault writes, and capture-seed stubs.
• ejentum-reasoning-harness - MCP-based cognitive harness workflow for reasoning, code review, anti-deception checks, and memory-drift analysis.

Improvements

• x-twitter-scraper refresh - updates the existing skill to the current Xquik public API surface and TweetClaw plugin path.
• source provenance and credits - adds README community credits for agenttrace, ai-brain-starter, and ejentum-mcp, with license provenance for the new externally sourced skills.
• generated artifact sync - refreshes catalog, skill index, plugin mirrors, web assets, package metadata, and visible skill counts to 1,453+.

Who should care

• Maintainers and power users get trace-level visibility into local AI coding sessions before retrying or comparing runs.
• Knowledge-base builders get a source-normalized YouTube transcript ingest path for markdown vault workflows.
• Agent workflow designers get MCP-backed reasoning harnesses for higher-risk reasoning, coding, honesty, and memory-drift tasks.
• Social and automation users get fresher X/Twitter scraper guidance aligned with the current source API and plugin ecosystem.

Credits

• @​kriptoburak for PR #​582 (x-twitter-scraper refresh).
• @​luoyuctl for PR #​583 (agenttrace-session-audit).
• @​adelaidasofia for PR #​584 (ingest-youtube).
• @​ejentum for PR #​586 (ejentum-reasoning-harness).

v11.0.0: "Agent Execution, Game Planning, and Skill Writer References"

Compare Source

[11.0.0] - 2026-05-08 - "Agent Execution, Game Planning, and Skill Writer References"

Installable skill library update for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and related AI coding assistants.

Start here:

• Install: npx antigravity-awesome-skills
• Choose your tool: README -> Choose Your Tool
• Best skills by tool: README -> Best Skills By Tool
• Bundles: docs/users/bundles.md
• Workflows: docs/users/workflows.md

This release merges PRs #​575, #​577, #​578, #​579, and #​581 through the maintainer squash-merge workflow, including fork-run approval, PR body refreshes, source-credit fixes, contributor sync, and generated-state refreshes on main. It adds on-chain transaction orchestration, richer clarification, mock-data auditing, multi-agent architecture guidance, Unity game-planning workflows, and restores the missing skill-writer reference files reported in issue #​576.

New Skills

• aomi-transact - natural-language Aomi CLI workflow for simulate-then-sign EVM transactions across DeFi and wallet-agent use cases.
• rich-elicitation - multi-round clarification workflow for deeply ambiguous tasks that need staged context gathering.
• mock-hunter - Playwright-based live-page audit workflow that classifies visible values as real, mock, LLM-generated, hardcoded, broken, or unknown.
• multi-agent-architect - LangGraph, LangChain, and DeepAgents guidance for designing, debugging, and scaling production multi-agent systems.
• unity-ai-game-creator - idea-to-Unity workflow for game concepts, blueprints, asset prompts, assembly plans, and deployment guidance.

Improvements

• skill-writer references restored - adds the missing references/ workflow files and example profile so skills/skill-writer/SKILL.md can be followed end to end.
• security hardening - pins production-audit to commitshow@0.3.23, marks it critical because it executes external npm code, adds prompt-injection guardrails to git-pr-review, tightens KubeStellar kc-agent RBAC guidance, normalizes installer manifest cleanup for flattened skills/ paths, and updates Loki example backend dependencies to clear the open ip-address Dependabot alerts.
• source provenance and credits - adds README source coverage for Aomi, Rich Elicitation, and MockHunter, and normalizes the multi-agent-architect risk/source metadata before release.
• generated artifact sync - refreshes catalog, skill index, plugin mirrors, web assets, package metadata, and visible skill counts to 1,450+.

Who should care

• Agent builders get new workflows for on-chain execution, multi-agent architecture, and structured clarification.
• Frontend and product reviewers get a mock-data audit skill for validating whether live UI values have real backing sources.
• Game creators get a Unity-oriented planning skill for turning raw concepts into actionable production and asset-generation plans.
• Skill authors and maintainers get the completed skill-writer reference workflow and cleaner release metadata.

Credits

• @​CeciliaZ030 for PR #​575 (aomi-transact).
• @​CyberZenithX for PR #​577 (rich-elicitation).
• @​memurcie for PR #​578 (mock-hunter).
• @​pravin-python for PR #​579 (multi-agent-architect).
• @​Mann-Makhecha for PR #​581 (unity-ai-game-creator).

v10.10.0

Compare Source

[10.10.0] - 2026-05-04 - "Production Audit, Context Pruning, and BuyWhere MCP"

Installable skill library update for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and related AI coding assistants.

Start here:

• Install: npx antigravity-awesome-skills
• Choose your tool: README -> Choose Your Tool
• Best skills by tool: README -> Best Skills By Tool
• Bundles: docs/users/bundles.md
• Workflows: docs/users/workflows.md

This release merges PRs #​571, #​573, and #​574 through the maintainer squash-merge workflow, including fork-run approval, PR body normalization, source validation fixes, contributor credit sync, and generated-state refreshes on main. It adds production-readiness auditing, context/token budgeting guidance, and updates the BuyWhere source link to the general MCP server.

New Skills

• production-audit - shipped-app readiness auditing across deployment health, RLS, webhooks, secrets exposure, grants, Stripe idempotency, mobile UX, and production signals.
• recursive-context-pruning-token-budgeting - context-pruning and token-budgeting workflow for long-running AI agent sessions, concise outputs, and compression handoffs.

Improvements

• BuyWhere MCP source update - points the buywhere-product-catalog skill and README source credit to BuyWhere/buywhere-mcp, the broader MCP server entrypoint, instead of the Cursor-specific plugin.
• source provenance and credits - adds commitshow/production-audit README source coverage and refreshes contributor credits after the batch merge.
• generated artifact sync - refreshes catalog, skill index, plugin mirrors, web assets, package metadata, and visible skill counts to 1,445+.

Who should care

• Security and launch reviewers get a new production-readiness lens for deployed apps after normal in-session checks.
• Agent workflow authors get a compact context-management skill for keeping long sessions focused and token-efficient.
• Commerce-agent builders get the more general BuyWhere MCP source and onboarding path.
• Maintainers get another source-only PR batch with fresh checks, source credits, and generated artifacts aligned before release.

Credits

• @​kench001 for PR #​571 (recursive-context-pruning-token-budgeting).
• @​commitshow for PR #​573 (production-audit).
• @​BuyWhere for PR #​574 (buywhere-product-catalog source update).

v10.9.0: "Skill Audit, PR Writing, and Heading Cleanup"

Compare Source

[10.9.0] - 2026-05-03 - "Skill Audit, PR Writing, and Heading Cleanup"

Installable skill library update for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and related AI coding assistants.

Start here:

• Install: npx antigravity-awesome-skills
• Choose your tool: README -> Choose Your Tool
• Best skills by tool: README -> Best Skills By Tool
• Bundles: docs/users/bundles.md
• Workflows: docs/users/workflows.md

This release merges PRs #​565, #​569, and #​570 through the maintainer squash-merge workflow, closes issue #​568 with a repo-wide heading cleanup, and closes issue #​566 as out of scope for this skill-library repository.

New Skills

• skill-audit - defensive pre-install review workflow for auditing third-party agent skills before installation.
• git-pr-review - token-efficient pull-request description workflow based on commit history.
• mise-configurator - production-ready mise.toml setup guidance for local development and CI/CD toolchains.

Improvements

• React file structure guidance - adds a reference section for organizing React files and component/module boundaries.
• heading quality cleanup - fixes duplicate and skipped ## heading defects reported in issue #​568 across skill and plugin skill documentation.
• source provenance and metadata - credits the aptratcn/skill-audit source, adds release-ready metadata for new skills, and syncs generated catalog, index, plugin mirrors, contributor credits, and visible skill counts to 1,443+.

Who should care

• Claude Code, Cursor, Codex CLI, Gemini CLI, and Antigravity users get three new installable skills across security review, PR writing, and toolchain setup.
• React users get clearer file-structure guidance inside the React patterns skill.
• Maintainers get cleaner heading structure, warning-budget headroom, and refreshed generated artifacts before the release.

Credits

• @​aptratcn for PR #​565 (skill-audit).
• @​hardeepcoder for PR #​569 (react-patterns file structure guidance).
• @​thejasreddyc for PR #​570 (git-pr-review, mise-configurator).

---

Configuration

📅 Schedule: (in timezone UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.