feat: Add MkDocs documentation, GitHub Actions, and CONTRIBUTING guide

- Add mkdocs.yml with Material theme configuration
- Create docs/ structure with getting-started guides
- Add skills catalog index page
- Add GitHub Actions for:
  - Automated skill catalog generation on push
  - MkDocs deployment to GitHub Pages
- Add scripts/generate-skill-index.py for dynamic skill discovery
- Add CONTRIBUTING.md with skill creation template
- Add changelog.md

Docs will be published to: https://developerscoffee.github.io/java-cwe-security-skills/

Author: fynchauhanuday

.github/workflows/deploy-docs.yml

@@ -0,0 +1,71 @@
+name: Deploy MkDocs to GitHub Pages
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'docs/**'
+      - 'mkdocs.yml'
+      - 'cwe-*/**'
+      - '.github/workflows/deploy-docs.yml'
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pages: write
+  id-token: write
+
+jobs:
+  generate-skill-index:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Generate Skill Index
+        run: |
+          python scripts/generate-skill-index.py
+
+      - name: Upload generated docs
+        uses: actions/upload-artifact@v4
+        with:
+          name: generated-docs
+          path: docs/skills/
+
+  deploy:
+    needs: generate-skill-index
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Download generated docs
+        uses: actions/download-artifact@v4
+        with:
+          name: generated-docs
+          path: docs/skills/
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Install MkDocs and dependencies
+        run: |
+          pip install mkdocs-material pymdown-extensions
+
+      - name: Build MkDocs site
+        run: mkdocs build --strict
+
+      - name: Deploy to GitHub Pages
+        uses: peaceiris/actions-gh-pages@v4
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          publish_dir: ./site
+          publish_branch: gh-pages
+          force_orphan: true
+

.github/workflows/generate-skill-catalog.yml

@@ -0,0 +1,50 @@
+name: Generate CWE Skill Catalog
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'cwe-*/**'
+  pull_request:
+    paths:
+      - 'cwe-*/**'
+  workflow_dispatch:
+
+permissions:
+  contents: write
+
+jobs:
+  generate-catalog:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Install dependencies
+        run: pip install pyyaml
+
+      - name: Generate skill catalog
+        run: python scripts/generate-skill-index.py
+
+      - name: Update index.md
+        run: |
+          if [ -f "docs/skills/_generated_index.md" ]; then
+            mv docs/skills/_generated_index.md docs/skills/index.md
+          fi
+
+      - name: Commit changes
+        if: github.event_name == 'push'
+        run: |
+          git config --local user.email "github-actions[bot]@users.noreply.github.com"
+          git config --local user.name "github-actions[bot]"
+          git add docs/skills/
+          git diff --quiet && git diff --staged --quiet || git commit -m "🤖 Auto-generate skill catalog [skip ci]"
+          git push || echo "No changes to push"
+

CONTRIBUTING.md

@@ -0,0 +1,207 @@
+# Contributing to Java CWE Security Skills
+
+Thank you for your interest in contributing! This guide explains how to create new CWE security skills.
+
+---
+
+## 📋 Prerequisites
+
+- Familiarity with Java security vulnerabilities
+- Understanding of MITRE CWE framework
+- Knowledge of secure coding practices
+
+---
+
+## 🗂️ Skill Folder Structure
+
+Each skill lives in its own folder following this naming convention:
+
+```
+cwe-{number}-{short-name}/
+└── SKILL.md
+```
+
+**Examples:**
+- `cwe-89-sql-injection/`
+- `cwe-79-xss/`
+- `cwe-327-weak-cryptography/`
+
+---
+
+## 📝 SKILL.md Template
+
+Every skill must contain a `SKILL.md` file with this structure:
+
+```markdown
+---
+name: cwe-{number}-{short-name}
+description: Brief description of the vulnerability
+version: 1.0.0
+tags:
+  - security
+  - java
+  - cwe-{number}
+  - {category}
+---
+
+# CWE-{number} {Official CWE Name}
+
+## Description
+
+{Detailed description of the vulnerability}
+
+Reference: https://cwe.mitre.org/data/definitions/{number}.html
+
+**OWASP Category**: {OWASP Top 10 category if applicable}
+
+---
+
+## Vulnerable Pattern
+
+### ❌ Example 1
+
+```java
+// Vulnerable code example
+```
+
+### ❌ Example 2
+
+```java
+// Another vulnerable pattern
+```
+
+---
+
+## Deterministic Fix
+
+### ✅ Secure Implementation
+
+```java
+// Correct, secure code
+```
+
+---
+
+## Detection Pattern
+
+```bash
+# grep/regex commands to find vulnerable code
+grep -rn "pattern" --include="*.java" src/
+```
+
+---
+
+## Remediation Steps
+
+1. Step one
+2. Step two
+3. Step three
+
+---
+
+## Key Imports
+
+```java
+import required.packages;
+```
+
+---
+
+## Verification
+
+- Re-run SAST scan
+- Test with attack payloads
+- Verify functionality preserved
+
+---
+
+## References
+
+- [CWE-{number}](https://cwe.mitre.org/data/definitions/{number}.html)
+- [OWASP Cheat Sheet](link)
+```
+
+---
+
+## 🚀 Creating a New Skill
+
+### Step 1: Choose a CWE
+
+Pick a CWE from the [MITRE CWE List](https://cwe.mitre.org/data/definitions/699.html) that:
+- Affects Java applications
+- Has deterministic remediation patterns
+- Is not already covered in this repository
+
+### Step 2: Create the folder
+
+```bash
+mkdir cwe-XXX-short-name
+touch cwe-XXX-short-name/SKILL.md
+```
+
+### Step 3: Research the vulnerability
+
+- Read the official CWE description
+- Find vulnerable code examples
+- Document the secure fix pattern
+
+### Step 4: Write the SKILL.md
+
+Use the template above. Include:
+- At least 2 vulnerable code examples
+- At least 1 secure implementation
+- grep commands for detection
+- Step-by-step remediation
+
+### Step 5: Test your skill
+
+Verify the skill works with an AI coding assistant:
+
+```
+Fix CWE-XXX in this code: [paste vulnerable code]
+```
+
+---
+
+## ✅ Pull Request Checklist
+
+- [ ] Folder follows naming convention: `cwe-{number}-{name}/`
+- [ ] SKILL.md uses the required template
+- [ ] YAML frontmatter is valid
+- [ ] At least 2 vulnerable code examples
+- [ ] At least 1 secure implementation
+- [ ] Detection commands work
+- [ ] References include CWE link
+- [ ] Tested with AI assistant
+
+---
+
+## 📌 Code Style
+
+- Use 4-space indentation in Java examples
+- Include complete, compilable code snippets
+- Add comments explaining the vulnerability/fix
+- Use realistic, production-like examples
+
+---
+
+## 🏷️ Tagging Guidelines
+
+Use these standard tags in your SKILL.md frontmatter:
+
+| Tag | When to use |
+|-----|-------------|
+| `security` | Always |
+| `java` | Always |
+| `cwe-{number}` | Always |
+| `injection` | SQL, XSS, Command, etc. |
+| `cryptography` | Crypto-related |
+| `authentication` | Auth/session issues |
+| `access-control` | Authorization issues |
+
+---
+
+## 💬 Questions?
+
+Open an issue or discussion on GitHub.
+