(deps): Bump moonrunnerkc/skillcheck from 0.2.0 to 1.3.0

[dependabot]

Bumps moonrunnerkc/skillcheck from 0.2.0 to 1.3.0.

Release notes

Sourced from moonrunnerkc/skillcheck's releases.

v1.3.0

Full Changelog: moonrunnerkc/skillcheck@v1...v1.3.0

v1.2.3

Added

• --format github: outputs diagnostics as GitHub Actions workflow commands (::error, ::warning, ::notice) with proper escaping for file, line, and message properties. The GitHub Action now defaults to this format so PR annotations render automatically without a Python entrypoint.
• .pre-commit-hooks.yaml: adds a skillcheck hook for pre-commit, matching SKILL.md files and passing filenames to the CLI.
• CONTRIBUTING.md: documents the release convention (immutable patch tags plus a force-updated v1 moving major tag).
• tests/__init__.py: makes the test package importable, fixing from tests.conftest in environments where another tests package shadows the path.
• nargs="+" on the path argument: the CLI now accepts multiple paths (required by pre-commit's pass_filenames mode). Single-path usage is unchanged.

Changed

• action.yml simplified to a two-step composite action that installs skillcheck via pip and runs it directly. The Python entrypoint (action/entrypoint.py) is no longer invoked; --format github handles PR annotations natively. The format input defaults to github (was json, which was ignored at runtime).
• README GitHub Action section updated to reflect automatic PR annotations via --format github.
• README pre-commit section added with a .pre-commit-config.yaml snippet.
• README test count updated to 730.

Fixed

• Path separators in --format github output normalized to forward slashes for Windows compatibility.

Removed

• The Python entrypoint (action/entrypoint.py) for annotation parsing and step summary generation is no longer used by the action. The action runs skillcheck directly.

v1.2.2

[1.2.2] - 2026-05-03

Added

• compat.cursor-description-block-scalar rule (INFO by default). Flags description: >, description: >+, description: |, and description: |+ because Cursor's skills UI renders these as empty. The Cursor-safe form is description: >- (folded strip). Closes #1.
• --strict-cursor flag promotes the new rule to ERROR and fails the run. Mirrors --strict-vscode.
• cursor is now a valid --target-agent choice; promotes the rule to WARNING when set without --strict-cursor.
• strict-cursor action input (action.yml) and INPUT_STRICT_CURSOR wiring (action/entrypoint.py).
• TOML config: strict-cursor = true is now accepted in skillcheck.toml.

Changed

• frontmatter.name.required and frontmatter.description.required now append a hint when the missing field appears as a ## name: or ## description: markdown heading inside the frontmatter block. Frontmatter keys are YAML, not markdown; the hint nudges authors to drop the ## prefix. Closes #1.

v1.2.1

[1.2.1] - 2026-05-03

Fixed

• description.quality-score no longer flags verb-led descriptions starting with investigate, diagnose, triage, troubleshoot, examine, audit, inspect, compare, capture, normalize, or refactor. Expanded _ACTION_VERBS from 43 to 170 entries to cover investigation, inspection, search, code-work, output, comparison, logging, and normalization clusters. Closes #2.

... (truncated)

Changelog

Sourced from moonrunnerkc/skillcheck's changelog.

[1.3.0] - 2026-05-18

Added

• --strict umbrella flag. Escalates warning-only runs to exit 1 and turns on --strict-vscode and --strict-cursor. Reserves the strict-all config field for future strict rules to opt into automatically.
• strict action input (action.yml).
• TOML config: strict-all = true is now accepted in skillcheck.toml.
• --explain-score flag. Shows per-dimension breakdown (action, trigger, keywords, specificity, length) under each description.quality-score diagnostic in text output. JSON format always includes the breakdown object regardless of the flag.
• --fail-on-regression flag. With --history, promotes history.skill.regressed to exit 1. Independent of --strict.
• fail-on-regression and explain-score action inputs in action.yml.
• Provenance dates on cross-agent diagnostics. Every compat.* rule that encodes platform-specific behavior now includes (as of YYYY-MM-DD).
• _CLAUDE_DATA_DATE, _VSCODE_DATA_DATE, _CURSOR_DATA_DATE constants in rules/compat.py.
• test_compat_data_freshness.py: staleness tests asserting each date is within 365 days of today.
• tiktoken action input in action.yml. Set tiktoken: true to install skillcheck[tiktoken].
• score_description() now returns a 3-tuple (score, suggestions, breakdown) with per-dimension point breakdown.

Changed

• Mutual-exclusion block in CLI refactored: individual print-and-sys.exit(2) pairs replaced by _EMIT_MODES/_AUGMENT_FLAGS dicts and a single _die_on_mode_conflict() resolver. Net LOC reduced; behavior identical.
• --semantic flag help string now states that it implies --analyze-graph when no --ingest-graph is supplied.
• action.yml install line tightened from unpinned skillcheck to skillcheck>=1.2,<2. Python version pinned to 3.12 for the setup-python step.
• README options table: removed --warnings-as-errors row; added --fail-on-regression and --explain-score rows.
• README exit codes section: --strict and --fail-on-regression are now the only documented warning-escalation knobs.
• README GitHub Action section: added tiktoken: true documentation.
• Compat diagnostic messages updated with (as of YYYY-MM-DD) provenance suffixes.

Removed

• --warnings-as-errors flag (replaced by --strict, which subsumes the same exit-code escalation).
• action/entrypoint.py (unused since v1.2.3; the composite action runs skillcheck directly).
• RELEASE_NOTES_v1.0.0.md, RELEASE_NOTES_v1.0.1.md, RELEASE_NOTES_v1.1.0.md (CHANGELOG.md is the canonical history).

[1.2.3] - 2026-05-07

Added

• --format github: outputs diagnostics as GitHub Actions workflow commands (::error, ::warning, ::notice) with proper escaping for file, line, and message properties. The GitHub Action now defaults to this format so PR annotations render automatically without a Python entrypoint.
• .pre-commit-hooks.yaml: adds a skillcheck hook for pre-commit, matching SKILL.md files and passing filenames to the CLI.
• CONTRIBUTING.md: documents the release convention (immutable patch tags plus a force-updated v1 moving major tag).
• tests/__init__.py: makes the test package importable, fixing from tests.conftest in environments where another tests package shadows the path.
• nargs="+" on the path argument: the CLI now accepts multiple paths (required by pre-commit's pass_filenames mode). Single-path usage is unchanged.

Changed

• action.yml simplified to a two-step composite action that installs skillcheck via pip and runs it directly. The Python entrypoint (action/entrypoint.py) is no longer invoked; --format github handles PR annotations natively. The format input defaults to github (was json, which was ignored at runtime).
• README GitHub Action section updated to reflect automatic PR annotations via --format github.
• README pre-commit section added with a .pre-commit-config.yaml snippet.
• README test count updated to 701.

Removed

... (truncated)

Commits

• 46c4817 fix: add Python version classifiers to pyproject.toml
• 75a6d33 fix: provenance dates on unverified fields and breakdown separator spacing
• 6d47daa chore: add --explain-score docs to README options table and output section
• 7e5f187 chore: release v1.3.0
• 4915430 chore(action): optional tiktoken extra input
• 3575caf feat(compat): dated provenance on cross-agent diagnostics
• 47b253c feat(history): --fail-on-regression gate flag
• 8dae7bb feat(cli): --explain-score breakdown for description quality
• 6be3832 chore: add .venv/ to .gitignore and remove from tracking
• 4651b60 chore(v1.3): hygiene pass
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)