| Version | Supported |
|---|---|
| Latest | Yes |
| < Latest | No |
Only the latest release receives security updates. We recommend always using the most recent version.
Do NOT open a public issue for security vulnerabilities.
Use GitHub Security Advisories to privately report vulnerabilities. This creates a private channel between you and the maintainers.
DM via X / Twitter with:
- Description of the vulnerability
- Steps to reproduce
- Affected versions
- Potential impact
- Suggested fix (if any)
| Stage | Target |
|---|---|
| Acknowledgment | Within 48 hours |
| Initial assessment | Within 7 days |
| Patch development | Within 30 days |
| Public disclosure | Within 90 days of report |
We follow a 90-day coordinated disclosure policy. If a fix is ready sooner, we'll disclose sooner.
We credit reporters in:
- Release notes
- Security advisory
- CVE entries (when applicable)
If you prefer to remain anonymous, let us know in your report.
This policy covers the Agent Skills collection and its source code in this repository. Third-party dependencies are out of scope — report those to their respective maintainers.
Maintained by bntvllnt