fix: add grep command to check 1 and clarify check 3A import exclusion

Author: dmitriyeff

plugin/skills/pipedrive-review-marketplace-readiness/SKILL.md

@@ -39,6 +39,14 @@ Collect all failures before reporting. Do not stop at the first failure.
 
 Scan source files for `fetch(` or `axios` calls (including `axios.get`, `axios.post`, etc.) that include an Authorization header with a token value.
 
+Run:
+
+```bash
+grep -rn "Authorization\|Bearer\|access_token" src --include="*.ts" | grep -v "src/pipedrive/client.ts"
+```
+
+Review each match to determine the token source (see below).
+
 For each match:
 
 1. Is it inside `src/pipedrive/client.ts`? → Skip. The SDK wrapper handles token refresh automatically via `onTokenUpdate`.
@@ -116,7 +124,7 @@ Run:
 grep -n "NextFunction" src/app.ts
 ```
 
-Look for a 4-argument middleware with the signature `(err: Error, _req: Request, res: Response, _next: NextFunction)`. If no such handler exists, this sub-check fails.
+This will match both the import line and any usage. Look specifically for a 4-argument middleware with the signature `(err: Error, _req: Request, res: Response, _next: NextFunction)` — ignore any lines that are just import statements. If no such handler exists (only the import line matches), this sub-check fails.
 
 **Report if sub-check A failing:**