Add sharp-edges-analyzer agent to sharp-edges

[dguido]

Summary

• Adds sharp-edges-analyzer agent (Read, Grep, Glob) for evaluating APIs and configs for misuse resistance
• 4-phase workflow: Surface Identification → Edge Case Probing → Threat Modeling → Validate Findings
• Updates SKILL.md with agent reference section
• Bumps plugin version to 1.1.0

New files

• plugins/sharp-edges/agents/sharp-edges-analyzer.md (137 lines)

Test plan

• YAML frontmatter parses correctly
• {baseDir}/skills/sharp-edges/references/ paths resolve to existing files
• SKILL.md changes don't break existing skill trigger behavior
• marketplace.json version matches plugin.json (both 1.1.0)

🤖 Generated with Claude Code

[dguido]

Code Review Summary

Findings by severity

Severity	Count
P1 (blocks merge)	0
P2 (important)	1
P3 (nice to have)	4
P4 (informational)	2

Fixed (3)

• P2-2: Agent severity classification table was missing the Examples column present in SKILL.md. Added examples to match.
• P3-1: Agent did not reference language-specific.md combined quick reference. Added.
• P3-2: README.md did not mention the new agent. Added Agent section.

Dismissed (4)

• P2-1 (content duplication between agent and SKILL.md): Agents receive only their system prompt, not the parent skill context, so self-contained instructions are necessary. This is consistent with how function-analyzer in audit-context-building is structured.
• P3-3 (agent categories lack detailed examples): The agent is already 140 lines. Full examples would push it over 300 lines. Language-specific and cross-cutting reference files are available ON DEMAND for deeper detail.
• P3-4 (output format missing mitigation difficulty): The existing "Recommendation" field covers this. Phase 4 "Test mitigations" is a workflow step, not an output field.
• P4-1, P4-2 (informational): Checklist checkbox style and minor wording differences are cosmetic and consistent with existing patterns.

Quality pipeline

All CI checks pass:

• JSON validation (marketplace.json, plugin.json)
• Marketplace consistency (all 27 plugins validated)
• SKILL.md frontmatter validation (all 54 skills valid)
• No hardcoded user paths
• No personal emails
• Version consistency (marketplace.json and plugin.json both at 1.1.0)
• Pre-commit hooks pass (end-of-file, trailing whitespace)

[dguido]

Review Summary

Verdict: Looks good to merge

Reviewed all 5 changed files. No objective issues found.

Validation Results

• validate_codex_skills.py: Pass (60 plugin skills validated against 61 Codex entries)
• validate_plugin_metadata.py: Pass (all plugin metadata in sync)
• Hardcoded path check: Pass (no /Users/ or /home/ paths found)
• No merge conflicts with main

What Was Checked

• Agent frontmatter: Valid name, description, and tools fields matching the format used by other agents in the repo (e.g., function-analyzer, semgrep-scanner).
• Version consistency: Both plugin.json and marketplace.json have version 1.1.0. Match confirmed.
• Agent content quality: Well-structured with 4-phase workflow, 6 sharp edge categories, severity classification, language-specific reference paths using {baseDir}, rationalizations to reject, and a quality checklist.
• Reference file integrity: All 16 reference files cited by the agent exist in skills/sharp-edges/references/.
• SKILL.md: New "Agent" section properly describes the agent and its workflow.
• README.md: New "Agent" section added with clear usage guidance.
• No hardcoded paths: All paths use {baseDir} placeholder correctly.

Notes

The agent content intentionally duplicates portions of SKILL.md (categories, workflow phases, severity table, rationalizations, quality checklist). This is appropriate since agents run in isolated subagent contexts and need self-contained instructions -- they cannot inherit context from the parent skill.

Clean PR, no changes needed.