Fix audit issues: security, hooks ordering, 404, favicon, sitemap

- Fix hooks: move useMemo above conditional return (Rules of Hooks)
- Fix security: arrow functions in replace() to prevent $ injection,
  escape </script> in JSON-LD output
- Fix 404.html: now auto-generated from built index.html at build time
  (was broken — referenced /src/main.jsx dev path)
- Fix favicon: /favicon.svg -> /icskills/favicon.svg for GitHub Pages
- Fix sitemap: remove cross-origin raw.githubusercontent.com URLs
- Fix agent.json: add trailing slash to URL
- Fix JSON-LD: add author (DFINITY Foundation) for Google rich results
- Add llms-full.txt link alternate in index.html
- Add CRLF handling to all frontmatter parsers
- CODEOWNERS: add leading / to paths (idiomatic)
- CSS: remove dead -webkit-overflow-scrolling, redundant word-wrap
- Precompute framework color map with useMemo

Author: Josh

.github/CODEOWNERS

@@ -5,14 +5,14 @@
 * @JoshDFN
 
 # Skill files — domain experts
-skills/asset-canister/          @raymondk
-skills/certified-variables/     @raymondk
-skills/ckbtc/                   @gregorydemay
-skills/evm-rpc/                 @gregorydemay
-skills/icrc-ledger/             @gregorydemay
-skills/wallet/                  @gregorydemay
-skills/internet-identity/       @aterga
-skills/sns-launch/              @bjoernek
-skills/https-outcalls/          @derlerd-dfinity
-skills/multi-canister/          @derlerd-dfinity
-skills/vetkd/                   @andreacerulli
+/skills/asset-canister/          @raymondk
+/skills/certified-variables/     @raymondk
+/skills/ckbtc/                   @gregorydemay
+/skills/evm-rpc/                 @gregorydemay
+/skills/icrc-ledger/             @gregorydemay
+/skills/wallet/                  @gregorydemay
+/skills/internet-identity/       @aterga
+/skills/sns-launch/              @bjoernek
+/skills/https-outcalls/          @derlerd-dfinity
+/skills/multi-canister/          @derlerd-dfinity
+/skills/vetkd/                   @andreacerulli

index.html

@@ -23,9 +23,10 @@
   <meta name="twitter:image" content="https://dfinity.github.io/icskills/og-image.svg">
 
   <link rel="alternate" type="text/plain" title="LLMs.txt" href="/icskills/llms.txt">
+  <link rel="alternate" type="text/plain" title="LLMs-Full.txt" href="/icskills/llms-full.txt">
 
   <meta name="theme-color" content="#0a0a0f">
-  <link rel="icon" type="image/svg+xml" href="/favicon.svg">
+  <link rel="icon" type="image/svg+xml" href="/icskills/favicon.svg">
 
   <script type="application/ld+json">
   {
@@ -56,6 +57,7 @@
         "description": "Structured skill files for AI agents building on ICP. Covers ckBTC, ICRC ledger, Internet Identity, stable memory, HTTPS outcalls, EVM RPC, SNS, certified variables, VetKD, and more.",
         "url": "https://dfinity.github.io/icskills/",
         "isPartOf": { "@id": "https://dfinity.github.io/icskills/#website" },
+        "author": { "@type": "Organization", "name": "DFINITY Foundation", "url": "https://dfinity.org" },
         "proficiencyLevel": "Expert"
       }
     ]

public/404.html

@@ -12,144 +12,72 @@
     <changefreq>monthly</changefreq>
     <priority>0.9</priority>
   </url>
-  <url>
-    <loc>https://raw.githubusercontent.com/dfinity/icskills/main/skills/asset-canister/SKILL.md</loc>
-    <lastmod>2026-02-25</lastmod>
-    <changefreq>monthly</changefreq>
-    <priority>0.7</priority>
-  </url>
   <url>
     <loc>https://dfinity.github.io/icskills/skills/certified-variables/</loc>
     <lastmod>2026-02-25</lastmod>
     <changefreq>monthly</changefreq>
     <priority>0.9</priority>
   </url>
-  <url>
-    <loc>https://raw.githubusercontent.com/dfinity/icskills/main/skills/certified-variables/SKILL.md</loc>
-    <lastmod>2026-02-25</lastmod>
-    <changefreq>monthly</changefreq>
-    <priority>0.7</priority>
-  </url>
   <url>
     <loc>https://dfinity.github.io/icskills/skills/ckbtc/</loc>
     <lastmod>2026-02-25</lastmod>
     <changefreq>monthly</changefreq>
     <priority>0.9</priority>
   </url>
-  <url>
-    <loc>https://raw.githubusercontent.com/dfinity/icskills/main/skills/ckbtc/SKILL.md</loc>
-    <lastmod>2026-02-25</lastmod>
-    <changefreq>monthly</changefreq>
-    <priority>0.7</priority>
-  </url>
   <url>
     <loc>https://dfinity.github.io/icskills/skills/evm-rpc/</loc>
     <lastmod>2026-02-25</lastmod>
     <changefreq>monthly</changefreq>
     <priority>0.9</priority>
   </url>
-  <url>
-    <loc>https://raw.githubusercontent.com/dfinity/icskills/main/skills/evm-rpc/SKILL.md</loc>
-    <lastmod>2026-02-25</lastmod>
-    <changefreq>monthly</changefreq>
-    <priority>0.7</priority>
-  </url>
   <url>
     <loc>https://dfinity.github.io/icskills/skills/https-outcalls/</loc>
     <lastmod>2026-02-25</lastmod>
     <changefreq>monthly</changefreq>
     <priority>0.9</priority>
   </url>
-  <url>
-    <loc>https://raw.githubusercontent.com/dfinity/icskills/main/skills/https-outcalls/SKILL.md</loc>
-    <lastmod>2026-02-25</lastmod>
-    <changefreq>monthly</changefreq>
-    <priority>0.7</priority>
-  </url>
   <url>
     <loc>https://dfinity.github.io/icskills/skills/icrc-ledger/</loc>
     <lastmod>2026-02-25</lastmod>
     <changefreq>monthly</changefreq>
     <priority>0.9</priority>
   </url>
-  <url>
-    <loc>https://raw.githubusercontent.com/dfinity/icskills/main/skills/icrc-ledger/SKILL.md</loc>
-    <lastmod>2026-02-25</lastmod>
-    <changefreq>monthly</changefreq>
-    <priority>0.7</priority>
-  </url>
   <url>
     <loc>https://dfinity.github.io/icskills/skills/internet-identity/</loc>
     <lastmod>2026-02-25</lastmod>
     <changefreq>monthly</changefreq>
     <priority>0.9</priority>
   </url>
-  <url>
-    <loc>https://raw.githubusercontent.com/dfinity/icskills/main/skills/internet-identity/SKILL.md</loc>
-    <lastmod>2026-02-25</lastmod>
-    <changefreq>monthly</changefreq>
-    <priority>0.7</priority>
-  </url>
   <url>
     <loc>https://dfinity.github.io/icskills/skills/multi-canister/</loc>
     <lastmod>2026-02-25</lastmod>
     <changefreq>monthly</changefreq>
     <priority>0.9</priority>
   </url>
-  <url>
-    <loc>https://raw.githubusercontent.com/dfinity/icskills/main/skills/multi-canister/SKILL.md</loc>
-    <lastmod>2026-02-25</lastmod>
-    <changefreq>monthly</changefreq>
-    <priority>0.7</priority>
-  </url>
   <url>
     <loc>https://dfinity.github.io/icskills/skills/sns-launch/</loc>
     <lastmod>2026-02-25</lastmod>
     <changefreq>monthly</changefreq>
     <priority>0.9</priority>
   </url>
-  <url>
-    <loc>https://raw.githubusercontent.com/dfinity/icskills/main/skills/sns-launch/SKILL.md</loc>
-    <lastmod>2026-02-25</lastmod>
-    <changefreq>monthly</changefreq>
-    <priority>0.7</priority>
-  </url>
   <url>
     <loc>https://dfinity.github.io/icskills/skills/stable-memory/</loc>
     <lastmod>2026-02-25</lastmod>
     <changefreq>monthly</changefreq>
     <priority>0.9</priority>
   </url>
-  <url>
-    <loc>https://raw.githubusercontent.com/dfinity/icskills/main/skills/stable-memory/SKILL.md</loc>
-    <lastmod>2026-02-25</lastmod>
-    <changefreq>monthly</changefreq>
-    <priority>0.7</priority>
-  </url>
   <url>
     <loc>https://dfinity.github.io/icskills/skills/vetkd/</loc>
     <lastmod>2026-02-25</lastmod>
     <changefreq>monthly</changefreq>
     <priority>0.9</priority>
   </url>
-  <url>
-    <loc>https://raw.githubusercontent.com/dfinity/icskills/main/skills/vetkd/SKILL.md</loc>
-    <lastmod>2026-02-25</lastmod>
-    <changefreq>monthly</changefreq>
-    <priority>0.7</priority>
-  </url>
   <url>
     <loc>https://dfinity.github.io/icskills/skills/wallet/</loc>
     <lastmod>2026-02-25</lastmod>
     <changefreq>monthly</changefreq>
     <priority>0.9</priority>
   </url>
-  <url>
-    <loc>https://raw.githubusercontent.com/dfinity/icskills/main/skills/wallet/SKILL.md</loc>
-    <lastmod>2026-02-25</lastmod>
-    <changefreq>monthly</changefreq>
-    <priority>0.7</priority>
-  </url>
   <url>
     <loc>https://dfinity.github.io/icskills/llms.txt</loc>
     <lastmod>2026-02-25</lastmod>

public/sitemap.xml

@@ -13,7 +13,7 @@ const OUTPUT_DIR = join(ROOT, "public", ".well-known");
 const OUTPUT = join(OUTPUT_DIR, "agent.json");
 
 function parseFrontmatter(content) {
-  const match = content.match(/^---\n([\s\S]*?)\n---/);
+  const match = content.replace(/\r\n/g, "\n").match(/^---\n([\s\S]*?)\n---/);
   if (!match) return null;
   const data = {};
   for (const line of match[1].split("\n")) {

scripts/generate-agent-json.js

@@ -13,7 +13,7 @@ const OUTPUT = join(ROOT, "public", "llms.txt");
 const RAW = "https://raw.githubusercontent.com/dfinity/icskills/main";
 
 function parseFrontmatter(content) {
-  const match = content.match(/^---\n([\s\S]*?)\n---/);
+  const match = content.replace(/\r\n/g, "\n").match(/^---\n([\s\S]*?)\n---/);
   if (!match) return null;
   const data = {};
   for (const line of match[1].split("\n")) {

scripts/generate-llms.js

@@ -53,14 +53,7 @@ for (const dir of dirs) {
     <priority>0.9</priority>
   </url>
 `;
-  // Raw SKILL.md URL (for agents)
-  xml += `  <url>
-    <loc>${RAW}/skills/${dir}/SKILL.md</loc>
-    <lastmod>${lastmod}</lastmod>
-    <changefreq>monthly</changefreq>
-    <priority>0.7</priority>
-  </url>
-`;
+  // Note: raw.githubusercontent.com URLs omitted — sitemaps must be same-origin
 }
 
 xml += `  <url>