feat(plugins): add vibeguard prompt guard plugin

[inkdust2021]

Summary

• Adds a community plugin plugins/vibeguard that protects secrets/PII by blocking prompt submission when configured patterns are detected.
• Prints a VibeGuard-style placeholder-redacted version of the prompt for safe copy/re-send (e.g. __VG_<CATEGORY>_<hash12>__).
• Adds the plugin to plugins/README.md and .claude-plugin/marketplace.json for discoverability.

Motivation

Claude Code workflows often involve handling .env files, tokens, and other sensitive strings. It's easy to accidentally paste secrets/PII into a prompt and send them to an LLM provider.

This plugin provides a lightweight, local guardrail.

How it works

• Hook: UserPromptSubmit
• On match: blocks the submission and prints a redacted copy using placeholders
• Configuration: keywords / regex / builtin patterns (see plugins/vibeguard/README.md)

Limitations / future work

In fact, what I really want is a plugin that automatically replaces sensitive information with placeholders before sending — but Claude Code doesn’t expose a corresponding hook to intercept or rewrite the prompt.

Test plan

• Install the plugin in a test project
• Confirm prompts containing configured secrets/PII are blocked and a redacted copy is printed
• Confirm non-matching prompts submit normally