Skip to content

Security: Soham407/studio-kickstart

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

Please report security issues privately instead of opening a public issue.

Email the maintainer or use GitHub private vulnerability reporting when it is enabled for the repository. Include:

  • Affected skill, script, or CLI command
  • Reproduction steps
  • Impact and expected severity
  • Any suggested fix

Scope

Security-sensitive areas include:

  • CLI commands that execute shell tools
  • Skill scripts and templates copied into user projects
  • GitHub repository creation and authentication flows
  • Generated project guardrails and hooks

Do not include secrets, tokens, or private repository material in issues, discussions, or pull requests.

There aren't any published security advisories