Summary

• Path traversal (security): Reject .. and absolute paths in skill export methods (export_path, export_zip, export_openai_inline_skill) to prevent directory escape. Defense-in-depth added in _place_skill_file().
• Cache poisoning: Always compute actual SHA256 before caching — never store under an unverified claimed hash, preventing poisoning via verify_checksums=False.
• Cache-hit verification: Re-hash cached blobs when verify_checksums=True on the cache-hit fast path.
• Manifest completeness: Raise IntegrityError when pull response is missing layers from the resolve manifest.
• Retry-After parsing (RFC 9110): Handle both delay-seconds and HTTP-date formats; gracefully degrade to None on unparseable values.
• CACHEDIR.TAG: Reset _tag_written flag in cache_clear() so the tag is recreated on subsequent writes.
• Docs/API cleanup: Fix runtime path docs for macOS/Windows, remove unreachable VersionNotFoundError from public API, clarify cache_remove/cache_clean comments.

Test plan

• Path traversal: 4 new tests — .. segments and absolute paths rejected in all export methods
• Cache-hit integrity: covered by existing + new cache tests
• Retry-After: 3 new tests — numeric, HTTP-date, and invalid header formats
• CACHEDIR.TAG: 1 new test — clear then write recreates tag
• All 227 tests pass, all checks (format, lint, types) pass, 95% coverage

🤖 Generated with Claude Code