feat(security): add threat intelligence DB, security commands, and cheatsheet audit fixes (v3.26.0)

- Add threat-db.yaml v2.0.0 with 63 malicious skills, 22 CVEs, 4 campaigns
- Add /security-check, /security-audit, /update-threat-db slash commands
- Add Snyk ToxicSkills evaluation (58th resource evaluation)
- Fix cheatsheet: add Alt+T to keyboard shortcuts table, add /fast and /debug commands
- Update Features Meconnues table with Agent Teams and Auto-Memories
- Clean up cheatsheet.md.bak
- Bump version to 3.26.0

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

machine-readable/reference.yaml

@@ -3,7 +3,7 @@
 # Source: guide/ultimate-guide.md
 # Purpose: Condensed index for LLMs to quickly answer user questions about Claude Code
 
-version: "3.24.0"
+version: "3.26.0"
 updated: "2026-02-09"
 
 # ════════════════════════════════════════════════════════════════
@@ -173,7 +173,7 @@ deep_dive:
   third_party_toad: "https://github.com/batrachianai/toad"
   third_party_conductor: "https://docs.conductor.build"
   # Configuration Management & Backup (Added 2026-02-02)
-  config_management_guide: "guide/ultimate-guide.md:4085"  # Section 3.24.0
+  config_management_guide: "guide/ultimate-guide.md:4085"  # Section 3.26.0
   config_hierarchy: "guide/ultimate-guide.md:4095"  # Global → Project → Local precedence
   config_git_strategy_project: "guide/ultimate-guide.md:4110"  # What to commit in .claude/
   config_git_strategy_global: "guide/ultimate-guide.md:4133"  # Version control ~/.claude/
@@ -753,6 +753,16 @@ deep_dive:
   architecture: 819  # Architecture internals
   production_safety: "guide/production-safety.md"  # Production safety rules
   security_hardening: "guide/security-hardening.md"  # Security best practices
+  security_cve_summary: "guide/security-hardening.md:51"  # CVE table (7 CVEs, 2025-2026)
+  security_supply_chain_stats: "guide/security-hardening.md:127"  # Snyk ToxicSkills: 36.82% of 3,984 skills
+  security_mcp_scan_tool: "guide/security-hardening.md:96"  # mcp-scan in Safe List
+  security_malicious_extensions: "guide/security-hardening.md:242"  # .claude/ attack surface (§1.5)
+  security_claude_folder_audit: "guide/security-hardening.md:270"  # 5-minute .claude/ audit checklist
+  security_toxicskills_evaluation: "docs/resource-evaluations/snyk-toxicskills-evaluation.md"
+  security_check_command: "examples/commands/security-check.md"  # Quick config check vs known threats
+  security_audit_command: "examples/commands/security-audit.md"  # Full 6-phase security audit (score /100)
+  security_threat_db: "examples/commands/resources/threat-db.yaml"  # Threat intelligence database (authors, skills, CVEs, patterns)
+  security_update_threat_db: "examples/commands/update-threat-db.md"  # /update-threat-db — research & update threat database
   agent_validation_checklist: 3850  # Agent validation section in ultimate-guide.md
   git_mcp_guide: "guide/mcp-servers-ecosystem.md:102"  # Git MCP server documentation
 
@@ -1169,7 +1179,7 @@ ecosystem:
       - "Cross-links modified → Update all 4 repos"
     history:
       - date: "2026-01-20"
-        event: "Code Landing sync v3.24.0, 66 templates, cross-links"
+        event: "Code Landing sync v3.26.0, 66 templates, cross-links"
         commit: "5b5ce62"
       - date: "2026-01-20"
         event: "Cowork Landing fix (paths, README, UI badges)"
@@ -1181,7 +1191,7 @@ ecosystem:
 onboarding_matrix_meta:
   version: "2.0.0"
   last_updated: "2026-02-05"
-  aligned_with_guide: "3.24.0"
+  aligned_with_guide: "3.26.0"
   changelog:
     - version: "2.0.0"
       date: "2026-02-05"
@@ -1209,7 +1219,7 @@ onboarding_matrix:
       core: [rules, sandbox_native_guide, commands]
       time_budget: "5 min"
       topics_max: 3
-      note: "SECURITY FIRST - sandbox before commands (v3.24.0 critical fix)"
+      note: "SECURITY FIRST - sandbox before commands (v3.26.0 critical fix)"
 
     beginner_15min:
       core: [rules, sandbox_native_guide, workflow, essential_commands]
@@ -1294,7 +1304,7 @@ onboarding_matrix:
         - default: agent_validation_checklist
       time_budget: "60 min"
       topics_max: 6
-      note: "Dual-instance pattern for quality workflows (v3.24.0)"
+      note: "Dual-instance pattern for quality workflows (v3.26.0)"
 
   learn_security:
     intermediate_30min:
@@ -1305,7 +1315,7 @@ onboarding_matrix:
         - default: permission_modes
       time_budget: "30 min"
       topics_max: 4
-      note: "NEW goal (v3.24.0) - Security-focused learning path"
+      note: "NEW goal (v3.26.0) - Security-focused learning path"
 
     power_60min:
       core: [sandbox_native_guide, mcp_secrets_management, security_hardening]
@@ -1330,7 +1340,7 @@ onboarding_matrix:
       core: [rules, sandbox_native_guide, workflow, essential_commands, context_management, plan_mode]
       time_budget: "60 min"
       topics_max: 6
-      note: "Security foundation + core workflow (v3.24.0 sandbox added)"
+      note: "Security foundation + core workflow (v3.26.0 sandbox added)"
 
     intermediate_120min:
       core: [plan_mode, agents, skills, config_hierarchy, git_mcp_guide, hooks, mcp_servers]