chainlisted

<!-- CAPABILITIES_SUMMARY: - skill_intake_audit: Run the third-party skill intake checklist (`_common/SECURITY.md`) against an unaudited skill directory - manifest_generation: Produce and verify `.chain-manifest.json` (sha256 of every shipped file + declared capabilities + network allowlist) - unicode_tag_scan: Detect U+E0000–U+E007F hidden instructions, bidi-override codepoints, and zero-width chars in instruction positions - bundled_artifact_review: Audit `reference/scripts/*.sh`, `reference/*.py`, binaries, and any auxiliary file referenced by SKILL.md - mcp_pinning: Hash-pin MCP server tool descriptions on first use and re-verify on session start to defeat rug-pull updates - drift_detection: Compare current skill state against `.chain-manifest.json`; flag sha256 mismatches and capability scope changes - intake_gate: Block plugin marketplace installs and third-party skill PRs until the intake checklist passes COLLABORATION_PATTERNS: - User → Chain: Audit request for an unaudited skill, plugin marketplace install, or MCP server - Sentinel → Chain: Escalate when a skill / plugin appears in the codebase scan that requires supply-chain audit - Gauge → Chain: Escalate when SKILL.md formatting audit detects suspicious frontmatter keys or capability mismatches - Latch → Chain: Provide skill-quarantine hook design feedback; receive recipes for PreToolUse skill-load checks - Gear → Chain: Coordinate MCP server install runbook; share dependency-pinning practice - Chain → Sentinel: