fix: restore publishable cisco extra metadata #42

Merged
kantorcodes merged 2 commits into main from feat/fix-pypi-publish-attestations
Apr 4, 2026

@kantorcodes kantorcodes commented Apr 4, 2026

Summary

  • replace the Cisco extra's direct Git dependency with the published cisco-ai-skill-scanner==2.0.7 package
  • align the Marketplace action install path and docs with the publishable PyPI contract
  • regenerate uv.lock and keep the Cisco-enabled scan path covered by the existing action-bundle regression checks

Verification

  • uv sync --frozen --extra dev --extra cisco --group publish
  • ./.venv/bin/ruff check .
  • ./.venv/bin/pytest -q
  • ./.venv/bin/python -m build
  • ./.venv/bin/python -m twine check dist/*
  • ./.venv/bin/codex-plugin-scanner scan tests/fixtures/good-plugin --format json --cisco-skill-scan on --cisco-policy balanced
  • inspected the built wheel metadata to confirm Requires-Dist now contains cisco-ai-skill-scanner==2.0.7 instead of a direct Git URL

Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
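
The wheel-metadata check from the Verification list above, sketched as an added example (not code from this PR or the project): it reads Requires-Dist from a wheel's METADATA and reports any PEP 508 direct URL reference. The `demo-scanner` wheel, the `example.invalid` Git URL and the helper names are constructed for illustration; only `cisco-ai-skill-scanner==2.0.7` comes from the PR.

```python
import io
import re
import zipfile
from email.parser import Parser

# PEP 508 direct reference: "name[extras] @ url ; marker"
_DIRECT_REF = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*@\s*(\S+)")


def requires_dist(wheel_bytes):
    """Return every Requires-Dist value from the wheel's *.dist-info/METADATA."""
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        names = [n for n in zf.namelist() if n.endswith(".dist-info/METADATA")]
        if len(names) != 1:
            raise ValueError(f"expected one METADATA file, found {len(names)}")
        text = zf.read(names[0]).decode("utf-8")
    return Parser().parsestr(text, headersonly=True).get_all("Requires-Dist") or []


def direct_references(requirements):
    """Return (name, url) for each requirement that is a direct URL reference."""
    found = []
    for req in requirements:
        m = _DIRECT_REF.match(req)
        if m:
            found.append((m.group(1), m.group(3).rstrip(";")))
    return found


def _make_wheel(requires):
    """Build a constructed, minimal wheel-shaped zip (hypothetical package)."""
    meta = "Metadata-Version: 2.1\nName: demo-scanner\nVersion: 0.0.0\n"
    meta += "".join(f"Requires-Dist: {r}\n" for r in requires)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo_scanner-0.0.0.dist-info/METADATA", meta)
    return buf.getvalue()


# Constructed samples: the Git URL is a placeholder, not the project's old ref.
BEFORE = _make_wheel([
    'cisco-ai-skill-scanner @ git+https://example.invalid/fork.git@0000000 ; extra == "cisco"',
    'pytest>=8 ; extra == "dev"',
])
AFTER = _make_wheel([
    'cisco-ai-skill-scanner==2.0.7 ; extra == "cisco"',
    'pytest>=8 ; extra == "dev"',
])

if __name__ == "__main__":
    for label, whl in (("before", BEFORE), ("after", AFTER)):
        print(label, direct_references(requires_dist(whl)))
```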

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request updates the cisco-ai-skill-scanner dependency from a git-based fork to a stable version (2.0.7) from PyPI and performs a minor downgrade of litellm to version 1.82.3. The reviewer suggested improving maintainability by dynamically extracting the cisco-ai-skill-scanner version from pyproject.toml within the GitHub Action, rather than hardcoding it, and provided corresponding updates for the test suite.

Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>

kilo-code-bot bot commented Apr 4, 2026

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Files Reviewed (6 files)
  • README.md - Documentation updates
  • action/README.md - Documentation updates
  • action/action.yml - Install logic refactored to use pip extras
  • pyproject.toml - Cisco dependency changed from git ref to PyPI package
  • tests/test_action_bundle.py - Tests updated for new install pattern
  • uv.lock - Regenerated lock file

Reviewed by minimax-m2.5-20260211 · 118,507 tokens

@kantorcodes kantorcodes merged commit 6e62149 into main Apr 4, 2026
23 checks passed