create-implementation-plan: require unique identifiers (#1989)

[KomalSrinivasan]

Closes #1989.

@basilevs reported that the create-implementation-plan skill occasionally produces plans with duplicate TASK- identifiers (and could just as easily collide on REQ-, GOAL-, etc.). The skill template defines the prefix scheme but doesn't say identifiers must be unique, and gives the agent no way to verify.

The reporter already worked out the right checks. This PR drops them into the skill.

Changes

skills/create-implementation-plan/SKILL.md picks up:

1. A new bullet under Template Validation Rules: identifiers must be declared exactly once across the plan. DEP-* is called out as the deliberate exception because it commonly appears as a reference in both Requirements and Dependencies.

2. A new Identifier Uniqueness Check section with the reporter's three POSIX one-liners:

   • Check 1: duplicate TASK / GOAL declarations in table rows.
   • Check 2: duplicate declaration IDs in bullet-style spec lines.
   • Check 3: broad diagnostic scan (informational, may flag valid references).

   Checks 1 and 2 must return empty before finalizing. The section also notes the POSIX prereqs and what to substitute on Windows.

Why this shape

• Reporter @basilevs already wrote and proposed the exact validation commands in the issue thread. Lifting them in verbatim respects their work and matches what they intended.
• Adding the rule under the existing Template Validation Rules keeps it visible at the same scan depth as the other invariants.
• The bash block is presented as a quality gate the agent runs at the end, not a runtime dependency. The agent can also do the equivalent check by other means if it prefers.

Verification

• npm run skill:validate reports create-implementation-plan as valid.
• npm run build exits 0, regenerates marketplace.json.
• 1 file touched. No README diff because the skill description is unchanged.

[github-actions]

🔒 PR Risk Scan Results

Scanned 2 changed file(s).

Severity	Count
🔴 High	0
🟠 Medium	1
ℹ️ Info	0

Severity	Rule	File	Line	Match
🟠	unpinned-version-indicator	.codespellrc	21	# categor - TypeScript template literal in website/src/scripts/pages/skills.ts:70 (categor${...length > 1 ? "ies" : "y"})

This is an automated soft-gate report. Findings indicate review targets and do not block merge by themselves.

[github-actions]

🔍 Skill Validator Results

⚠️ Warnings or advisories found

Scope	Checked
Skills	1
Agents	0
Total	1

Severity	Count
❌ Errors	0
⚠️ Warnings	1
ℹ️ Advisories	0

Summary

Level	Finding
ℹ️	Found 1 skill(s)
ℹ️	[create-implementation-plan] 📊 create-implementation-plan: 1,913 BPE tokens [chars/4: 1,982] (detailed ✓), 27 sections, 2 code blocks
ℹ️	[create-implementation-plan] ⚠ No numbered workflow steps — agents follow sequenced procedures more reliably.
ℹ️	✅ All checks passed (1 skill(s))

Full validator output

Found 1 skill(s)
[create-implementation-plan] 📊 create-implementation-plan: 1,913 BPE tokens [chars/4: 1,982] (detailed ✓), 27 sections, 2 code blocks
[create-implementation-plan]    ⚠  No numbered workflow steps — agents follow sequenced procedures more reliably.
✅ All checks passed (1 skill(s))

[github-actions]

🟡 Contributor Reputation Check: MEDIUM risk

Check	Risk
Profile	MEDIUM
Credential audit	NONE

Maintainers: please review this contributor before merging.
See the workflow run for full details.
Automated check powered by AGT.

[basilevs]

DEP- as an example was a confusing language. Any identifier can be reference. For example, one TASK- can reference another, most tasks should reference REQ-, etc.

[github-actions]

🟡 Contributor Reputation Check: MEDIUM risk

Check	Risk
Profile	MEDIUM
Credential audit	NONE

Maintainers: please review this contributor before merging.
See the workflow run for full details.
Automated check powered by AGT.