fix/docs: remove trailing colons from comments and documentation

.github/PULL_REQUEST_TEMPLATE.md

@@ -37,32 +37,32 @@
 
 ## Security & API Stability
 
-**Security Impact:**
+**Security Impact**
 
 - [ ] No impact on security (no changes to forbidden keys, prototype safety)
 - [ ] Reviewed against security rules in AGENTS.md
 - [ ] If security-related: Explain impact and mitigation
 
-**API Contract:**
+**API Contract**
 
 - [ ] No changes to public API (`parse` function signature, type definitions)
 - [ ] No breaking changes to `ParseResult`, `ParseIssue`, or `IssueCode`
 - [ ] If API change: Is this a breaking change? (Yes/No + explanation)
 
-**Versioning:**
+**Versioning**
 
 - [ ] Change is compatible with current v0.x versioning policy
 - [ ] If breaking change proposed: Justification for major version bump
 
 ## Testing
 
-**Automated Checks:**
+**Automated Checks**
 
 - [ ] TypeScript type checking passes (`bun run check:type:source`)
 - [ ] All tests pass (`bun run test`)
 - [ ] Build succeeds (`bun run build`)
 
-**Additional Verification** (describe any manual testing, edge case verification, or integration testing):
+**Additional Verification** (describe any manual testing, edge case verification, or integration testing)
 
 <!-- Describe tests added, updated, or manual verification performed. If none, explain why. -->
 

AGENTS.md

@@ -217,3 +217,15 @@ If a change makes the parser:
 it likely violates the boundary.
 
 When in doubt, reject the change.
+
+---
+
+## Agent Skills
+
+The `boundary-validator` skill in `skills/boundary-validator/` provides structured
+validation guidance based on the rules in this document.
+
+- **Claude Code**: Activates automatically during PR creation and code review.
+  Invoke with `Review this code against boundary-validator rules`.
+- **Other agents**: Apply the validation patterns in `skills/boundary-validator/SKILL.md`
+  when creating PRs, reviewing code, or implementing features.

CLAUDE.md

@@ -13,9 +13,7 @@ When implementing features or reviewing code:
 ## Agent Skills
 
 The `boundary-validator` skill (`skills/boundary-validator/`) validates code changes against AGENTS.md design rules.
-
-- **Triggers**: Automatically activates when creating PRs or requesting code reviews
-- **Coverage**: See AGENTS.md "Design rules" and "Security rules" sections
+See AGENTS.md for trigger conditions and usage across agents.
 
 **Usage in Claude Code**:
 

CONTRIBUTING.md

@@ -8,7 +8,7 @@ This document provides guidelines for contributing to this boundary-focused Form
 
 ## Before You Start
 
-**Please read these documents carefully:**
+**Please read these documents carefully.**
 
 1. **README.md**: Understand the design principles and what safe-formdata is (and isn't)
 2. **AGENTS.md**: Review the non-negotiable implementation rules
@@ -110,7 +110,7 @@ bun run test:coverage   # View coverage report
 
 ### 4. Security Considerations
 
-**Mandatory security rules** (AGENTS.md):
+**Mandatory security rules** (AGENTS.md)
 
 - Use `Object.create(null)` for parsed data (no prototype)
 - Reject forbidden keys: `__proto__`, `constructor`, `prototype`
@@ -135,7 +135,7 @@ Before submitting a PR:
 
 ### PR Description
 
-Include:
+Include the following.
 
 1. **Problem**: What issue does this solve?
 2. **Solution**: How does this maintain the boundary?
@@ -144,7 +144,7 @@ Include:
 
 ### Review Process
 
-PRs will be evaluated against:
+PRs will be evaluated against the following.
 
 1. **Alignment with design principles** (README.md)
 2. **Compliance with technical rules** (AGENTS.md)

README.md

@@ -197,7 +197,7 @@ if (result.data !== null) {
 }
 ```
 
-**Key points**:
+**Key points**
 
 - All values are `string | File` - no automatic type conversion
 - Use `data !== null` to check for success and narrow the type

SECURITY.md

@@ -30,7 +30,7 @@ and **public security discussion**.
 
 ### Private (Security Advisory)
 
-Use **GitHub Security Advisories** for:
+Use **GitHub Security Advisories** for the following.
 
 - Reproducible vulnerabilities
 - Exploit techniques or payloads
@@ -42,7 +42,7 @@ Use **GitHub Security Advisories** for:
 
 ### Public Issue
 
-Public issues are appropriate only for:
+Public issues are appropriate only for the following.
 
 - **Design-level security questions**
 - **Non-sensitive security concerns**
@@ -149,7 +149,7 @@ safe-formdata **assumes**:
 
 ## Disclosure Policy
 
-Security reports are handled as follows:
+Security reports are handled as follows.
 
 1. **Review**
    - Issues are evaluated against the security scope defined above

docs/PUBLISHING.md

@@ -20,7 +20,7 @@ Before creating a release PR, validate locally:
 bun run prepare:publish
 ```
 
-This runs:
+This runs the following steps.
 
 1. TypeScript type checking (`check:type:source`)
 2. Test suite with coverage (`test:coverage`)

examples/03-error-handling.ts

@@ -35,7 +35,7 @@ for (const issue of result.issues) {
 	});
 }
 
-// Typical handling pattern:
+// Typical handling pattern is as follows.
 // - log issues
 // - return HTTP 400
 // - show a validation error to the user

skills/README.md

@@ -4,7 +4,7 @@ This directory contains **Agent Skills** specific to the safe-formdata project.
 
 ## What are Agent Skills?
 
-Agent Skills are structured knowledge packages that agents like Claude Code can efficiently reference. Based on the implementation rules in AGENTS.md, they provide:
+Agent Skills are structured knowledge packages that agents like Claude Code can efficiently reference. Based on the implementation rules in AGENTS.md, they provide the following.
 
 - **Automatic triggering**: Activates automatically during PR creation and code review
 - **Progressive disclosure**: Loads only necessary information incrementally
@@ -18,7 +18,7 @@ Performs code review based on boundary principles.
 
 - **Purpose**: Automatically detect violations of safe-formdata's design principles
 - **Triggers**: PR creation, code review, post-implementation
-- **Validation items**:
+- **Validation items**
   - Key opacity (no array notation parsing, etc.)
   - No silent behavior (no merging, overwriting, etc.)
   - No inference or convenience features

skills/boundary-validator/SKILL.md

@@ -55,7 +55,7 @@ Review this code against boundary-validator rules
 
 ### Review Process
 
-The skill will:
+The skill will do the following.
 
 1. **Read the changed files** using the Read and Grep tools
 2. **Check for violations** against the four design rules
@@ -234,12 +234,12 @@ const data = Object.create(null); // Not {}
 
 ### API Contract
 
-**IssueCode stability**:
+**IssueCode stability**
 
 - No new IssueCode values without major version bump
 - Existing codes: `invalid_key`, `forbidden_key`, `duplicate_key`
 
-**ParseResult type**:
+**ParseResult type**
 
 - Must be a discriminated union
 - `data !== null` for type narrowing

skills/boundary-validator/references/security-rules.md

@@ -10,7 +10,7 @@ These rules are non-negotiable and must be enforced in all implementations.
 
 ### Forbidden Keys
 
-Explicitly forbid the following keys:
+Explicitly forbid the following keys.
 
 - `__proto__`
 - `constructor`

skills/boundary-validator/references/validation-patterns.md

@@ -8,7 +8,7 @@ Use these patterns when reviewing code changes to safe-formdata.
 
 ## Detection Strategy
 
-When reviewing code, search for these anti-patterns:
+When reviewing code, search for these anti-patterns.
 
 1. **Keyword search**: Look for suspicious method calls and operators
 2. **Control flow analysis**: Examine conditional logic related to keys

src/issues/forbiddenKeys.ts

@@ -4,7 +4,7 @@
  * These keys are reserved properties on `Object.prototype` and must never
  * be allowed in parsed FormData, regardless of their values or context.
  *
- * The forbidden keys are:
+ * The forbidden keys are the following.
  * - `__proto__`: Legacy prototype accessor
  * - `prototype`: Function prototype property
  * - `constructor`: Object constructor reference