docs(claude-design): avoid self-referencing forbidden-content tokens

CLAUDE.md and README.md previously named the forbidden tokens
literally when describing the validate-plugin.sh assertion (i) and
test-sc3-citations.sh negative grep. The recursive scans then flagged
the documentation itself as a leak. Rewords both descriptions to
describe the policy without using the banned literals.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

plugins/claude-design/README.md

@@ -162,7 +162,7 @@ Runs five test scripts under `tests/` in dependency order:
 | `validate-plugin.sh` | plugin.json + SKILL.md frontmatter + LICENSE + GOVERNANCE.md + README.md + CLAUDE.md + .coverage.md presence; forbidden-command-name scope-fence check; operator-private-context grep; Norwegian-leakage advisory |
 | `test-skill-triggers.sh` | SKILL.md description >=400 chars; every phrase in `.triggers.txt` appears in SKILL.md |
 | `test-sc2-artifact-coverage.sh` | Each preset in `.coverage.md` has >=1 file hit in plugin content |
-| `test-sc3-citations.sh` | No `[CITE]` / `[verify]` / "according to" placeholders; each Authoritative-claims file has >=1 Anthropic-domain URL |
+| `test-sc3-citations.sh` | No unsourced-attribution placeholders (citation-stub markers, verification-flag markers, vague second-hand phrasing); each Authoritative-claims file has >=1 Anthropic-domain URL. The script enforces the exact patterns it bans — see the script source for the regex. |
 | `test-sc1-dogfood-log.sh` | Format-check the operator dogfood log in `REMEMBER.md` (gitignored) — 5 fields well-formed |
 
 Flags: