feat: add Agent Skills and restructure documentation

- Add 47 Agent Skills across 14 plugins following Anthropic's specification
  - Python (5): async patterns, testing, packaging, performance, UV package manager
  - JavaScript/TypeScript (4): advanced types, Node.js patterns, testing, modern JS
  - Kubernetes (4): manifests, Helm charts, GitOps, security policies
  - Cloud Infrastructure (4): Terraform, multi-cloud, hybrid networking, cost optimization
  - CI/CD (4): pipeline design, GitHub Actions, GitLab CI, secrets management
  - Backend (3): API design, architecture patterns, microservices
  - LLM Applications (4): LangChain, prompt engineering, RAG, evaluation
  - Blockchain/Web3 (4): DeFi protocols, NFT standards, Solidity security, Web3 testing
  - Framework Migration (4): React, Angular, database, dependency upgrades
  - Observability (4): Prometheus, Grafana, distributed tracing, SLO
  - Payment Processing (4): Stripe, PayPal, PCI compliance, billing
  - API Scaffolding (1): FastAPI templates
  - ML Operations (1): ML pipeline workflow
  - Security (1): SAST configuration

- Restructure documentation into /docs directory
  - agent-skills.md: Complete guide to all 47 skills
  - agents.md: All 85 agents with model configuration
  - plugins.md: Complete catalog of 63 plugins
  - usage.md: Commands, workflows, and best practices
  - architecture.md: Design principles and patterns

- Update README.md
  - Add Agent Skills banner announcement
  - Reduce length by ~75% with links to detailed docs
  - Add What's New section showcasing Agent Skills
  - Add Popular Use Cases with real examples
  - Improve navigation with Core Guides and Quick Links

- Update marketplace.json with skills arrays for 14 plugins

All 47 skills follow Agent Skills Specification:
- Required YAML frontmatter (name, description)
- Use when activation clauses
- Progressive disclosure architecture
- Under 1024 character descriptions

plugins/cloud-infrastructure/skills/hybrid-cloud-networking/SKILL.md

@@ -0,0 +1,226 @@
+---
+name: hybrid-cloud-networking
+description: Configure secure, high-performance connectivity between on-premises infrastructure and cloud platforms using VPN and dedicated connections. Use when building hybrid cloud architectures, connecting data centers to cloud, or implementing secure cross-premises networking.
+---
+
+# Hybrid Cloud Networking
+
+Configure secure, high-performance connectivity between on-premises and cloud environments using VPN, Direct Connect, and ExpressRoute.
+
+## Purpose
+
+Establish secure, reliable network connectivity between on-premises data centers and cloud providers (AWS, Azure, GCP).
+
+## When to Use
+
+- Connect on-premises to cloud
+- Extend datacenter to cloud
+- Implement hybrid active-active setups
+- Meet compliance requirements
+- Migrate to cloud gradually
+
+## Connection Options
+
+### AWS Connectivity
+
+#### 1. Site-to-Site VPN
+- IPSec VPN over internet
+- Up to 1.25 Gbps per tunnel
+- Cost-effective for moderate bandwidth
+- Higher latency, internet-dependent
+
+```hcl
+resource "aws_vpn_gateway" "main" {
+  vpc_id = aws_vpc.main.id
+  tags = {
+    Name = "main-vpn-gateway"
+  }
+}
+
+resource "aws_customer_gateway" "main" {
+  bgp_asn    = 65000
+  ip_address = "203.0.113.1"
+  type       = "ipsec.1"
+}
+
+resource "aws_vpn_connection" "main" {
+  vpn_gateway_id      = aws_vpn_gateway.main.id
+  customer_gateway_id = aws_customer_gateway.main.id
+  type                = "ipsec.1"
+  static_routes_only  = false
+}
+```
+
+#### 2. AWS Direct Connect
+- Dedicated network connection
+- 1 Gbps to 100 Gbps
+- Lower latency, consistent bandwidth
+- More expensive, setup time required
+
+**Reference:** See `references/direct-connect.md`
+
+### Azure Connectivity
+
+#### 1. Site-to-Site VPN
+```hcl
+resource "azurerm_virtual_network_gateway" "vpn" {
+  name                = "vpn-gateway"
+  location            = azurerm_resource_group.main.location
+  resource_group_name = azurerm_resource_group.main.name
+
+  type     = "Vpn"
+  vpn_type = "RouteBased"
+  sku      = "VpnGw1"
+
+  ip_configuration {
+    name                          = "vnetGatewayConfig"
+    public_ip_address_id          = azurerm_public_ip.vpn.id
+    private_ip_address_allocation = "Dynamic"
+    subnet_id                     = azurerm_subnet.gateway.id
+  }
+}
+```
+
+#### 2. Azure ExpressRoute
+- Private connection via connectivity provider
+- Up to 100 Gbps
+- Low latency, high reliability
+- Premium for global connectivity
+
+### GCP Connectivity
+
+#### 1. Cloud VPN
+- IPSec VPN (Classic or HA VPN)
+- HA VPN: 99.99% SLA
+- Up to 3 Gbps per tunnel
+
+#### 2. Cloud Interconnect
+- Dedicated (10 Gbps, 100 Gbps)
+- Partner (50 Mbps to 50 Gbps)
+- Lower latency than VPN
+
+## Hybrid Network Patterns
+
+### Pattern 1: Hub-and-Spoke
+```
+On-Premises Datacenter
+         ↓
+    VPN/Direct Connect
+         ↓
+    Transit Gateway (AWS) / vWAN (Azure)
+         ↓
+    ├─ Production VPC/VNet
+    ├─ Staging VPC/VNet
+    └─ Development VPC/VNet
+```
+
+### Pattern 2: Multi-Region Hybrid
+```
+On-Premises
+    ├─ Direct Connect → us-east-1
+    └─ Direct Connect → us-west-2
+            ↓
+        Cross-Region Peering
+```
+
+### Pattern 3: Multi-Cloud Hybrid
+```
+On-Premises Datacenter
+    ├─ Direct Connect → AWS
+    ├─ ExpressRoute → Azure
+    └─ Interconnect → GCP
+```
+
+## Routing Configuration
+
+### BGP Configuration
+```
+On-Premises Router:
+- AS Number: 65000
+- Advertise: 10.0.0.0/8
+
+Cloud Router:
+- AS Number: 64512 (AWS), 65515 (Azure)
+- Advertise: Cloud VPC/VNet CIDRs
+```
+
+### Route Propagation
+- Enable route propagation on route tables
+- Use BGP for dynamic routing
+- Implement route filtering
+- Monitor route advertisements
+
+## Security Best Practices
+
+1. **Use private connectivity** (Direct Connect/ExpressRoute)
+2. **Implement encryption** for VPN tunnels
+3. **Use VPC endpoints** to avoid internet routing
+4. **Configure network ACLs** and security groups
+5. **Enable VPC Flow Logs** for monitoring
+6. **Implement DDoS protection**
+7. **Use PrivateLink/Private Endpoints**
+8. **Monitor connections** with CloudWatch/Monitor
+9. **Implement redundancy** (dual tunnels)
+10. **Regular security audits**
+
+## High Availability
+
+### Dual VPN Tunnels
+```hcl
+resource "aws_vpn_connection" "primary" {
+  vpn_gateway_id      = aws_vpn_gateway.main.id
+  customer_gateway_id = aws_customer_gateway.primary.id
+  type                = "ipsec.1"
+}
+
+resource "aws_vpn_connection" "secondary" {
+  vpn_gateway_id      = aws_vpn_gateway.main.id
+  customer_gateway_id = aws_customer_gateway.secondary.id
+  type                = "ipsec.1"
+}
+```
+
+### Active-Active Configuration
+- Multiple connections from different locations
+- BGP for automatic failover
+- Equal-cost multi-path (ECMP) routing
+- Monitor health of all connections
+
+## Monitoring and Troubleshooting
+
+### Key Metrics
+- Tunnel status (up/down)
+- Bytes in/out
+- Packet loss
+- Latency
+- BGP session status
+
+### Troubleshooting
+```bash
+# AWS VPN
+aws ec2 describe-vpn-connections
+aws ec2 get-vpn-connection-telemetry
+
+# Azure VPN
+az network vpn-connection show
+az network vpn-connection show-device-config-script
+```
+
+## Cost Optimization
+
+1. **Right-size connections** based on traffic
+2. **Use VPN for low-bandwidth** workloads
+3. **Consolidate traffic** through fewer connections
+4. **Minimize data transfer** costs
+5. **Use Direct Connect** for high bandwidth
+6. **Implement caching** to reduce traffic
+
+## Reference Files
+
+- `references/vpn-setup.md` - VPN configuration guide
+- `references/direct-connect.md` - Direct Connect setup
+
+## Related Skills
+
+- `multi-cloud-architecture` - For architecture decisions
+- `terraform-module-library` - For IaC implementation