Tighten the web app ESLint scope so TypeScript source is checked without crawling bundled skill assets, and remove unused markdown and debounce dependencies. Clarify the security reporting flow and split code vs content licensing to reduce ambiguity for users and contributors.
Security Policy
Supported Versions
We track the main branch.
Reporting a Vulnerability
DO NOT open a public Issue for security exploits.
If you find a security vulnerability (for example, a skill that bypasses the "Authorized Use Only" check or executes malicious code without warning):
- Open a GitHub Private Advisory on this repository so the report stays private during triage.
- Include the affected path, reproduction steps, impact, and any suggested mitigation if you have one.
We aim to acknowledge security reports within 72 hours.
Offensive Skills Policy
Please read our Security Guardrails. All offensive skills are strictly for authorized educational and professional use only.