This repository primarily contains a workflow skill package, templates, and repository-side orchestration docs.
Security issues may still matter when they affect:
- secret handling guidance
- auth/authz guidance
- unsafe workflow recommendations
- repository-level sensitive data exposure
- generated templates that encourage insecure defaults
If you find a security issue:
- Do not publish exploit details immediately in a public issue.
- Report the problem privately to the repository owner first.
- Include:
  - affected file(s)
  - issue summary
  - impact
  - reproduction or reasoning
  - suggested mitigation if known
A useful report includes:
- exact location
- why it is risky
- realistic impact
- whether it is documentation-only or workflow-affecting
Examples of relevant issues:
- templates that encourage committing secrets
- workflow guidance that weakens auth/authz boundaries
- recovery/docs flow that leaks sensitive information
- recommendations that create unsafe deployment or integration defaults
Security-related issues should be triaged before normal enhancement work when the impact is credible.