diff --git a/.claude-plugin/plugin.json b/.claude-plugin/plugin.json
index 6abaa72..5ea0e4f 100644
--- a/.claude-plugin/plugin.json
+++ b/.claude-plugin/plugin.json
@@ -22,6 +22,7 @@
     "automation",
     "best-practices"
   ],
+  "agents": "./agents",
   "commands": "./commands",
   "skills": "./skills"
 }
diff --git a/examples/user-CLAUDE.md b/examples/user-CLAUDE.md
index 750cbbf..64608ab 100644
--- a/examples/user-CLAUDE.md
+++ b/examples/user-CLAUDE.md
@@ -58,6 +58,10 @@ Located in `~/.claude/agents/`:
 
 ## Personal Preferences
 
+### Privacy
+- Always redact logs; never paste secrets (API keys/tokens/passwords/JWTs)
+- Review output before sharing - remove any sensitive data
+
 ### Code Style
 - No emojis in code, comments, or documentation
 - Prefer immutability - never mutate objects or arrays
diff --git a/skills/backend-patterns/SKILL.md b/skills/backend-patterns/SKILL.md
index 3990dc5..a0705d9 100644
--- a/skills/backend-patterns/SKILL.md
+++ b/skills/backend-patterns/SKILL.md
@@ -395,21 +395,26 @@ export function hasPermission(user: User, permission: Permission): boolean {
 }
 
 export function requirePermission(permission: Permission) {
-  return async (request: Request) => {
-    const user = await requireAuth(request)
+  return (handler: (request: Request, user: User) => Promise<Response>) => {
+    return async (request: Request) => {
+      const user = await requireAuth(request)
 
-    if (!hasPermission(user, permission)) {
-      throw new ApiError(403, 'Insufficient permissions')
+      if (!hasPermission(user, permission)) {
+        throw new ApiError(403, 'Insufficient permissions')
+      }
+
+      return handler(request, user)
     }
-
-    return user
   }
 }
 
-// Usage
-export const DELETE = requirePermission('delete')(async (request: Request) => {
-  // Handler with permission check
-})
+// Usage - HOF wraps the handler
+export const DELETE = requirePermission('delete')(
+  async (request: Request, user: User) => {
+    // Handler receives authenticated user with verified permission
+    return new Response('Deleted', { status: 200 })
+  }
+)
 ```
 
 ## Rate Limiting
diff --git a/skills/eval-harness/SKILL.md b/skills/eval-harness/SKILL.md
index 522937d..ca61962 100644
--- a/skills/eval-harness/SKILL.md
+++ b/skills/eval-harness/SKILL.md
@@ -1,3 +1,9 @@
+---
+name: eval-harness
+description: Formal evaluation framework for Claude Code sessions implementing eval-driven development (EDD) principles
+tools: Read, Write, Edit, Bash, Grep, Glob
+---
+
 # Eval Harness Skill
 
 A formal evaluation framework for Claude Code sessions, implementing eval-driven development (EDD) principles.