If you find that this skill provides incorrect or dangerous security guidance — for example, a recommended pattern that is itself insecure — please report it so it can be fixed before other developers apply the wrong advice.

Open a GitHub Issue using the Bug Report template and label it security-guidance-error.

Include:

• The file and line(s) containing the incorrect guidance
• Why the guidance is wrong or dangerous
• What the correct guidance should be
• A code example if applicable

Issues flagged as incorrect security guidance are treated as high priority. A correction will be published as quickly as possible.

This repository contains documentation and agent skill configuration only — no executable application code, no servers, no user data. There is no attack surface in the traditional sense.

The security concern here is the accuracy of the guidance itself: if the skill tells a developer to do something insecure, that is the vulnerability.