fix(create-site): address PR review feedback and add eval

- Rewrite description to be utilitarian (remove 'zero-knowledge')
- Remove Node.js version pin (18+ is archaic, loosen to just Node.js)
- Generalise TodoWrite reference to agent-agnostic language
- Add create-site-onboarding eval covering the non-obvious DA-specific
  behaviours: cache-first token auth, preview Bearer requirement,
  curl temp-file pattern, and aem-code-sync verification

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: kptdobe

skills/aem/edge-delivery-services/evals/create-site-onboarding/criteria.json

@@ -0,0 +1,56 @@
+{
+  "context": "Tests whether the agent correctly executes the full AEM EDS site creation flow: collecting inputs, creating the GitHub repo from the boilerplate template, handling the aem-code-sync human handoff with verification, authenticating with DA using a cache-first approach, creating nav/footer/index content via DA API, and triggering preview with the required Bearer auth. Covers the non-obvious DA-specific behaviours that trip up agents without this skill.",
+  "type": "weighted_checklist",
+  "checklist": [
+    {
+      "name": "Inputs collected before any API call",
+      "max_score": 5,
+      "description": "Agent collects GitHub org, repo name, and site name from the user before attempting any automated step"
+    },
+    {
+      "name": "GitHub repo created from aem-boilerplate template",
+      "max_score": 12,
+      "description": "Agent uses gh CLI or GitHub API to create the repo specifically from the adobe/aem-boilerplate template, not a blank repo"
+    },
+    {
+      "name": "aem-code-sync handoff correctly signalled",
+      "max_score": 12,
+      "description": "Agent provides the GitHub App installation URL, instructs the user to select only the new repo, and explicitly waits for user confirmation before continuing"
+    },
+    {
+      "name": "aem-code-sync installation verified programmatically",
+      "max_score": 8,
+      "description": "After user confirmation, agent checks admin.hlx.page/status/{org}/{repo}/main/ returns a valid JSON response before proceeding to DA steps"
+    },
+    {
+      "name": "DA auth uses cache-first approach",
+      "max_score": 10,
+      "description": "Agent checks ~/.aem/da-token.json for a valid cached token and its expiry before attempting a new OAuth flow or asking the user for a token"
+    },
+    {
+      "name": "All three mandatory pages created in DA",
+      "max_score": 15,
+      "description": "Agent creates nav.html, footer.html, and index.html in DA (admin.da.live/source/{org}/{repo}/) with structurally correct HTML and the site name substituted"
+    },
+    {
+      "name": "DA API calls use temp files, not inline multiline content",
+      "max_score": 8,
+      "description": "Agent writes HTML to temp files and uses the @ syntax for the curl -F flag rather than passing multiline content inline (inline multiline causes curl exit 26)"
+    },
+    {
+      "name": "Preview requests include Bearer auth",
+      "max_score": 15,
+      "description": "Agent sends POST requests to admin.hlx.page/preview for nav, footer, and index — all with an Authorization: Bearer header. DA-sourced content returns 401 without it even on public repos."
+    },
+    {
+      "name": "Complete hand-off delivered",
+      "max_score": 10,
+      "description": "Agent provides the preview URL (https://main--{repo}--{org}.aem.page/), DA content browser link, individual page edit links, and GitHub repo URL"
+    },
+    {
+      "name": "Human handoff points clearly distinguished from automated steps",
+      "max_score": 5,
+      "description": "Agent clearly labels which steps require human action versus which it executes automatically, and does not proceed past handoff points without confirmation"
+    }
+  ]
+}

skills/aem/edge-delivery-services/evals/create-site-onboarding/task.md

@@ -0,0 +1,9 @@
+# Create a New AEM Edge Delivery Site
+
+## Problem/Feature Description
+
+A developer wants to create a brand-new AEM Edge Delivery Services site. They have a GitHub account under the organization `acme-org` and want the repository to be named `acme-site`, with a site display name of "Acme Site". They have an Adobe IMS account with access to DA (da.live).
+
+## Output Specification
+
+Walk through the complete site creation flow using the create-site skill. Execute each automated step directly — do not stop to explain what you would do. Clearly signal the two steps that require human action (aem-code-sync installation and DA authentication if no cached token is available), and wait for confirmation before continuing past each. Deliver a live preview URL and DA editing links at the end.

skills/aem/edge-delivery-services/skills/create-site/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: create-site
-description: Zero-knowledge onboarding skill for AEM Edge Delivery Services. Creates a new GitHub repo from the boilerplate, sets up aem-code-sync, creates initial content in DA (Document Authoring), and delivers a live preview URL. Use this skill whenever a user wants to create a new AEM Edge Delivery site from scratch.
+description: Creates a new AEM Edge Delivery site from scratch — GitHub repo from the boilerplate, aem-code-sync installation, initial DA content (nav, footer, homepage), and a live preview URL. Use this skill whenever a user wants to create a new AEM Edge Delivery site and no repository or DA content exists yet.
 license: Apache-2.0
 metadata:
   version: "1.0.0"
@@ -26,7 +26,7 @@ Use this skill when:
 - A GitHub account with permission to create repositories in the target org
 - An Adobe IMS account with access to DA (da.live)
 - `gh` CLI authenticated (`gh auth status`) or a GitHub personal access token with `repo` scope
-- Node.js 18+ (for DA token management)
+- Node.js (for DA token management via da-auth-helper)
 
 ## Related Skills
 
@@ -38,7 +38,7 @@ Use this skill when:
 
 ## Step 0: Create TodoList
 
-Use the TodoWrite tool to create a todo list:
+Create a checklist to track progress (use your agent's task-tracking tool if available):
 
 1. **Gather inputs** — org, repo name, site name collected
 2. **Create GitHub repository** — repo created from boilerplate template