feat: add skill-guards plugin to enforce fresh execution on every skill invocation

[JacobPEvans]

Summary

Introduces the skill-guards plugin, a three-layer defense-in-depth system to ensure Claude re-executes skills from scratch on every invocation instead of reusing stale cached results. This layer injects a "FRESH EXECUTION" systemMessage via UserPromptSubmit hook when a skill is invoked, forcing complete re-evaluation.

Changes

• skill-guards plugin (skill-guards/): New plugin with:

  • UserPromptSubmit hook that detects skill invocation patterns (/skill-name)
  • Injects a "FRESH EXECUTION" systemMessage forcing fresh re-execution
  • 10 bats tests covering skill detection, false positives, and malformed input
  • Integration into .claude-plugin/marketplace.json for discovery

• Skill state warnings (6 skills updated):

  • /ship, /finalize-pr, /resolve-pr-threads, /refresh-repo, /wrap-up, /squash-merge-pr
  • Each now includes a skill-specific state warning preamble naming the async events that make prior results stale
  • Examples: /ship warns about queued/running workflow jobs; /finalize-pr warns about comment/review state changes

• Configuration updates:

  • AGENTS.md: Added skill-guards to plugin reference
  • cspell.json: Added skill-guards-specific vocabulary

Test Plan

• 10 bats tests pass (skill detection, false positive exclusion, malformed input)
• CI: linting, cspell, markdownlint, agentskills validate
• Manual: new session → invoke /ship twice → verify systemMessage appears and all steps re-execute
• Manual: type /usr/bin/python → verify no false positive trigger

Architecture

Part of a three-layer defense-in-depth system:

1. Global rules (ships via ai-assistant-instructions + nix-ai): Foundation rules
2. skill-guards plugin (this PR): Per-invocation fresh execution enforcement
3. (Future) Additional validation layers as needed

🤖 Generated with Claude Code

[Copilot]

Pull request overview

Adds a new skill-guards hook-only plugin to reduce “stale state” behavior by injecting a fresh-execution reminder whenever a user invokes a /skill, plus adds skill-level preamble warnings for commonly re-invoked skills.

Changes:

• Introduces skill-guards plugin with a UserPromptSubmit hook that detects /skill-name and emits a systemMessage reminder.
• Adds bats coverage for skill detection and false-positive exclusions.
• Adds “State warning” preambles to several high-usage skills and registers the plugin in repo metadata/spellcheck/marketplace.

Reviewed changes

Copilot reviewed 14 out of 14 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
skill-guards/scripts/skill-reinvocation-guard.sh	New UserPromptSubmit hook script that detects skills and injects a fresh-execution systemMessage.
skill-guards/hooks/hooks.json	Registers the new hook command with a short timeout.
skill-guards/.claude-plugin/plugin.json	Adds plugin manifest for skill-guards v2.3.2.
skill-guards/README.md	Documents the plugin’s purpose, installation, and behavior.
tests/skill-guards/skill-reinvocation-guard/skill-reinvocation-guard.bats	Adds bats tests for detection, exclusions, and malformed/empty input.
github-workflows/skills/*/SKILL.md	Adds state-staleness warning preambles to selected skills.
git-workflows/skills/*/SKILL.md	Adds state-staleness warning preambles to selected skills.
AGENTS.md	Registers the new plugin in the repo’s plugin list.
.claude-plugin/marketplace.json	Adds skill-guards to marketplace inventory with matching version/metadata.
cspell.json	Adds “reinvocation” to allowed words.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[gemini-code-assist]

Code Review

This pull request introduces the skill-guards plugin, which implements a UserPromptSubmit hook to ensure fresh execution of skills by injecting a system message when a skill invocation is detected. It also adds state warnings to several SKILL.md files to remind the model to re-fetch live data. The review feedback focuses on improving the robustness of the skill-reinvocation-guard.sh script, specifically by refining the regex to avoid false positives with filesystem paths, expanding the directory exclusion list, and following shell best practices such as using printf instead of echo.