Publish a skill.

Submit a manifest and a Skill_Package tarball. The pipeline parses the manifest, enforces the 100 MiB size limit, runs the secret scanner, and only then writes the version to the registry.

Try uploading a package containing AKIAIOSFODNN7EXAMPLE to see the secret scanner block publication.

Publishing runs through the same guarded pipeline from the kiro CLI — one command, no web form needed:

kiro publish ./my-skill            # publish a local skill dir
kiro publish ./my-skill --bump minor   # auto-increment the version
kiro publish-local --all               # publish every local global/project skill

The CLI parses the manifest, enforces the size limit, runs the secret scanner (a leaked AKIA… key blocks the publish), then writes the version to the registry — identical to the server pipeline.