feat(cli): add clients command to list supported AI agent clients (#9)

ci: bump codecov-action from v5 to v6

fix(ci): remove unsupported freebsd and 32-bit ARM from goreleaser

feat: add MCP server mode, command fallback, traffic capture, and E2E tests (#6)

fix(security): harden MCP client and scanner against untrusted input (#7)

fix(upload): stop retrying 4xx errors and add tests for 6 packages (#5)

fix(output): display entity-level issues in text formatter (#4)

test(testdata): add skill and config fixtures for rule validation (#3)

fix(mcpclient): propagate --skip-ssl-verify to HTTP/SSE transports (#2)

feat(rules): implement E003 BehaviorHijack and E004 SkillInjection rules (#1)

fix(ci): correct workflow errors and add goreleaser config

chore: add go.tools.mod and fix all lint issues

ci: add GitHub Actions workflows and dependabot config

docs(readme): add skill scanning usage and fix code block types

feat: initial implementation of AI agent security scanner