If you discover a security vulnerability in any skill, please report it responsibly:

1. Do not open a public issue
2. Use GitHub Security Advisories to report privately
3. Include: affected skill, steps to reproduce, potential impact

We will acknowledge receipt within 48 hours and provide a fix timeline.

• All SKILL.md files and references/*.md rule definitions
• Installation scripts and recommended commands in README files
• Any code generation templates within skills

• AI model behavior (report to the AI tool vendor)
• User-generated content from skill execution