If you discover a security vulnerability, please report it responsibly:

1. Do not open a public GitHub issue
2. Use GitHub's Private Vulnerability Reporting to submit the report
3. Include steps to reproduce if possible
4. Allow reasonable time for a fix before public disclosure

We will acknowledge your report within 48 hours and aim to release a fix within 7 days for critical issues.

This policy covers all Agent Skills distributed via this repository, including SKILL.md files, reference documents, scripts, and presets.