Please report security issues privately instead of opening a public issue.
Email the maintainer or use GitHub private vulnerability reporting when it is enabled for the repository. Include:
- Affected skill, script, or CLI command
- Reproduction steps
- Impact and expected severity
- Any suggested fix
Security-sensitive areas include:
- CLI commands that execute shell tools
- Skill scripts and templates copied into user projects
- GitHub repository creation and authentication flows
- Generated project guardrails and hooks
Do not include secrets, tokens, or private repository material in issues, discussions, or pull requests.