feat: add deployment & payload audit agent (agent-9) #20

Open
kartojal wants to merge 1 commit into pashov:main from kartojal:feat/deploy-audit-skill

@kartojal
Contributor

Summary

  • New hacking agent (deployment-payload-agent.md) specialized in the deployment and upgrade lifecycle — the gap between contract creation and a fully secured operational state
  • Covers: initialization gaps, upgrade storage diffs, empty-state exploits (ERC-4626 share inflation, Aave V3 fork index manipulation), proxy footguns, transition windows, and script correctness
  • On-chain opsec verification — queries live chain state via cast call to verify if critical roles use EOA vs multisig+timelock vs governor, flags misconfigurations
  • Deployment atomicity improvements — flags multi-tx scripts and recommends constructor-batch pattern, catches missing seed deposits and dangling deployer permissions
  • Updated SKILL.md to register agent-9 bundle and bump agent count from 8 → 9

Test plan

  • Run the solidity-auditor skill against a repo with Foundry/Hardhat deployment scripts to verify agent-9 spawns and produces findings
  • Verify agent-9 correctly identifies non-atomic deployment patterns and suggests constructor-batch alternatives
  • Confirm on-chain opsec checks work via cast call against a live deployment

🤖 Generated with Claude Code

New hacking agent specialized in deployment scripts, upgrade payloads,
initialization sequences, empty-state exploits (ERC-4626 inflation,
Aave V3 fork index manipulation), on-chain opsec verification
(EOA vs multisig+timelock vs governor), and deployment atomicity
improvements (constructor-batch pattern).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
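
The on-chain opsec check named in the summary (is a critical role held by an EOA or by a contract), sketched as an added example; it is not code from this PR or from the agent it adds. The `owner()(address)` getter, the labels and the sample bytecode are assumptions of this example, and `check_role` needs Foundry's `cast` plus an RPC URL.

```bash
#!/usr/bin/env bash
# Added example (not from the PR): classify the holder of a privileged role
# from the bytecode that `cast code` prints for its address.

# classify_code <hex>: labels are this example's own, not the agent's.
classify_code() {
  local code
  code=$(printf '%s' "$1" | tr 'A-F' 'a-f')
  case "$code" in
    ""|0x) echo "EOA" ;;            # no code: one private key controls the role
    0xef0100*)
      # EIP-7702 delegation designator is 0xef0100 + 20-byte address (48 chars
      # with the 0x prefix); the account is still controlled by a single key.
      if [ "${#code}" -eq 48 ]; then echo "EOA-7702"; else echo "CONTRACT"; fi ;;
    *) echo "CONTRACT" ;;           # multisig, timelock or governor: verify which
  esac
}

# verdict <label>: what an auditor does with each class.
verdict() {
  case "$1" in
    EOA|EOA-7702) echo "FLAG: single-key control" ;;
    CONTRACT)     echo "REVIEW: confirm multisig threshold / timelock delay" ;;
    *)            echo "UNKNOWN" ;;
  esac
}

# check_role <target> <getter-sig> <rpc-url>: needs Foundry's cast and an RPC.
# The getter, e.g. "owner()(address)", is an assumption about the target.
check_role() {
  local holder code label
  holder=$(cast call "$1" "$2" --rpc-url "$3") || return 2
  code=$(cast code "$holder" --rpc-url "$3") || return 2
  label=$(classify_code "$code")
  printf '%s %s %s\n' "$holder" "$label" "$(verdict "$label")"
}

# Offline demo on constructed bytecode samples (not real chain data).
demo_samples() {
  local s
  for s in 0x 0xef0100aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 0x6080604052; do
    printf '%s -> %s\n' "$s" "$(classify_code "$s")"
  done
}
demo_samples
```

A `CONTRACT` result only rules out a bare key; whether the contract is a multisig, a timelock or a governor still has to be confirmed separately.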