# Security Policy

## Supported Versions

We track the `main` branch.

## Reporting a Vulnerability

**DO NOT** open a public Issue for security exploits.

If you find a security vulnerability (for example, a skill that bypasses the "Authorized Use Only" check or executes malicious code without warning):

1. Open a **GitHub Private Advisory** on this repository so the report stays private during triage.
2. Include the affected path, reproduction steps, impact, and any suggested mitigation if you have one.

We aim to acknowledge security reports within 72 hours.

## Offensive Skills Policy

Please read our [Security Guardrails](docs/contributors/security-guardrails.md).
All offensive skills are strictly for **authorized educational and professional use only**.