If you discover a security vulnerability in this project, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, please use one of these methods:
- GitHub Security Advisories (preferred): Report a vulnerability
- Email: Send details to the repository owner via their GitHub profile
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if you have one)
- Acknowledgment within 48 hours
- Status update within 7 days
- Resolution target within 90 days of confirmed vulnerability
- Coordinated disclosure — we will notify you before any public disclosure
- Credit in the fix (unless you prefer anonymity)
This project provides markdown-based skill workflows for AI coding agents. Security concerns most likely involve:
- Skill workflows that could cause unintended destructive actions
- Injection risks in templates that get interpolated by agents
- Information disclosure through skill outputs
Only the latest release is supported with security updates.