fix(skills): remove phantom resource references and fix CoC links (#447)

Remove references to non-existent resource files (references/, assets/,
scripts/, examples/) from 115 skill SKILL.md files. These sections
pointed to directories and files that were never created, causing
confusion when users install skills.

Also fix broken Code of Conduct links in issue templates to use
absolute GitHub URLs instead of relative paths that 404.

plugins/payment-processing/skills/billing-automation/SKILL.md

@@ -535,32 +535,3 @@ class UsageBillingEngine:
 
         return charge
 ```
-
-## Resources
-
-- **references/billing-cycles.md**: Billing cycle management
-- **references/dunning-management.md**: Failed payment recovery
-- **references/proration.md**: Prorated charge calculations
-- **references/tax-calculation.md**: Tax/VAT/GST handling
-- **references/invoice-lifecycle.md**: Invoice state management
-- **assets/billing-state-machine.yaml**: Billing workflow
-- **assets/invoice-template.html**: Invoice templates
-- **assets/dunning-policy.yaml**: Dunning configuration
-
-## Best Practices
-
-1. **Automate Everything**: Minimize manual intervention
-2. **Clear Communication**: Notify customers of billing events
-3. **Flexible Retry Logic**: Balance recovery with customer experience
-4. **Accurate Proration**: Fair calculation for plan changes
-5. **Tax Compliance**: Calculate correct tax for jurisdiction
-6. **Audit Trail**: Log all billing events
-7. **Graceful Degradation**: Handle edge cases without breaking
-
-## Common Pitfalls
-
-- **Incorrect Proration**: Not accounting for partial periods
-- **Missing Tax**: Forgetting to add tax to invoices
-- **Aggressive Dunning**: Canceling too quickly
-- **No Notifications**: Not informing customers of failures
-- **Hardcoded Cycles**: Not supporting custom billing dates

plugins/payment-processing/skills/paypal-integration/SKILL.md

@@ -448,31 +448,3 @@ def test_payment_flow():
     # captured = client.capture_order(order['id'])
     # assert captured['status'] == 'COMPLETED'
 ```
-
-## Resources
-
-- **references/express-checkout.md**: Express Checkout implementation guide
-- **references/ipn-handling.md**: IPN verification and processing
-- **references/refund-workflows.md**: Refund handling patterns
-- **references/billing-agreements.md**: Recurring billing setup
-- **assets/paypal-client.py**: Production PayPal client
-- **assets/ipn-processor.py**: IPN webhook processor
-- **assets/recurring-billing.py**: Subscription management
-
-## Best Practices
-
-1. **Always Verify IPN**: Never trust IPN without verification
-2. **Idempotent Processing**: Handle duplicate IPN notifications
-3. **Error Handling**: Implement robust error handling
-4. **Logging**: Log all transactions and errors
-5. **Test Thoroughly**: Use sandbox extensively
-6. **Webhook Backup**: Don't rely solely on client-side callbacks
-7. **Currency Handling**: Always specify currency explicitly
-
-## Common Pitfalls
-
-- **Not Verifying IPN**: Accepting IPN without verification
-- **Duplicate Processing**: Not checking for duplicate transactions
-- **Wrong Environment**: Mixing sandbox and production URLs/credentials
-- **Missing Webhooks**: Not handling all payment states
-- **Hardcoded Values**: Not making configurable for different environments

plugins/payment-processing/skills/pci-compliance/SKILL.md

@@ -446,35 +446,3 @@ PCI_COMPLIANCE_CHECKLIST = {
     ]
 }
 ```
-
-## Resources
-
-- **references/data-minimization.md**: Never store prohibited data
-- **references/tokenization.md**: Tokenization strategies
-- **references/encryption.md**: Encryption requirements
-- **references/access-control.md**: Role-based access
-- **references/audit-logging.md**: Comprehensive logging
-- **assets/pci-compliance-checklist.md**: Complete checklist
-- **assets/encrypted-storage.py**: Encryption utilities
-- **scripts/audit-payment-system.sh**: Compliance audit script
-
-## Common Violations
-
-1. **Storing CVV**: Never store card verification codes
-2. **Unencrypted PAN**: Card numbers must be encrypted at rest
-3. **Weak Encryption**: Use AES-256 or equivalent
-4. **No Access Controls**: Restrict who can access cardholder data
-5. **Missing Audit Logs**: Must log all access to payment data
-6. **Insecure Transmission**: Always use TLS 1.2+
-7. **Default Passwords**: Change all default credentials
-8. **No Security Testing**: Regular penetration testing required
-
-## Reducing PCI Scope
-
-1. **Use Hosted Payments**: Stripe Checkout, PayPal, etc.
-2. **Tokenization**: Replace card data with tokens
-3. **Network Segmentation**: Isolate cardholder data environment
-4. **Outsource**: Use PCI-compliant payment processors
-5. **No Storage**: Never store full card details
-
-By minimizing systems that touch card data, you reduce compliance burden significantly.

plugins/payment-processing/skills/stripe-integration/SKILL.md

@@ -490,33 +490,3 @@ def test_payment_flow():
 
     assert confirmed.status == 'succeeded'
 ```
-
-## Resources
-
-- **references/checkout-flows.md**: Detailed checkout implementation
-- **references/webhook-handling.md**: Webhook security and processing
-- **references/subscription-management.md**: Subscription lifecycle
-- **references/customer-management.md**: Customer and payment method handling
-- **references/invoice-generation.md**: Invoicing and billing
-- **assets/stripe-client.py**: Production-ready Stripe client wrapper
-- **assets/webhook-handler.py**: Complete webhook processor
-- **assets/checkout-config.json**: Checkout configuration templates
-
-## Best Practices
-
-1. **Always Use Webhooks**: Don't rely solely on client-side confirmation
-2. **Idempotency**: Handle webhook events idempotently
-3. **Error Handling**: Gracefully handle all Stripe errors
-4. **Test Mode**: Thoroughly test with test keys before production
-5. **Metadata**: Use metadata to link Stripe objects to your database
-6. **Monitoring**: Track payment success rates and errors
-7. **PCI Compliance**: Never handle raw card data on your server
-8. **SCA Ready**: Implement 3D Secure for European payments
-
-## Common Pitfalls
-
-- **Not Verifying Webhooks**: Always verify webhook signatures
-- **Missing Webhook Events**: Handle all relevant webhook events
-- **Hardcoded Amounts**: Use cents/smallest currency unit
-- **No Retry Logic**: Implement retries for API calls
-- **Ignoring Test Mode**: Test all edge cases with test cards