Adds two optional SKILL.md frontmatter fields for downstream consumers
(e.g. aggregators and MCP servers) that need to resolve the license of
upstream-sourced skills at ingest time.
- `license`: SPDX expression for the upstream source material (e.g. `MIT`)
- `license_source`: URL to the upstream LICENSE file for automated verification
Both fields are strictly optional and non-breaking. Existing skills with no
`license` field are treated as "license not declared" by tooling — no inference
or default is assumed.
Also adds:
- PR checklist item prompting contributors to declare license provenance when
`source_repo` is set (`.github/PULL_REQUEST_TEMPLATE.md`)
- "License provenance" subsection in `docs/contributors/skill-anatomy.md`
documenting when and how to use the new fields
Co-authored-by: Joel Morrison <spinbitz@gmail.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Clarify that validate and automated skill-review are necessary but not sufficient for skill and risky guidance changes. Add the requirement consistently to contributing guidance, the quality bar, and the PR checklist so maintainers explicitly review logic, safety, failure modes, and risk labeling before merge.
Consolidate the repository into clearer apps, tools, and layered docs areas so contributors can navigate and maintain it more reliably. Align validation, metadata sync, and CI around the same canonical workflow to reduce drift across local checks and GitHub Actions.
