Security Policy
Supported Versions
All skill content in this repository is covered by this security policy.
| Component | Supported |
|---|---|
| Skill definitions (SKILL.md files) | Yes |
| Scripts and automation | Yes |
| Documentation | Yes |
Reporting a Vulnerability
If you discover a security issue with any skill's scripts, instructions, or content, please report it responsibly:
- Do not open a public issue
- Use GitHub's private security advisory: Report a vulnerability
- Include in your report:
  - Affected skill name and file path
  - Nature of the vulnerability
  - Potential impact
  - Steps to reproduce (if applicable)
  - Suggested fix (if you have one)
Response Timeline
- Initial acknowledgment: Within 48 hours
- Assessment and triage: Within 1 week
- Fix or mitigation: Based on severity, typically within 2 weeks
Scope
The following are in scope for security reports:
- Skills that contain commands or scripts that could cause unintended harm
- Instructions that could lead to unauthorized access if followed incorrectly
- Sensitive data accidentally included in skill content
- Dependencies or external references that have become compromised
Recognition
We credit responsible disclosures in our changelog. If you report a valid security issue, we will acknowledge your contribution unless you prefer to remain anonymous.
Contact
For security matters that cannot be reported through GitHub's advisory system, reach out via the repository's discussion forum.