Please do not report security issues through public GitHub issues.

Preferred: use GitHub private vulnerability reporting — go to this repository's Security tab and click Report a vulnerability.

Alternative: email security@last9.io.

Include a description of the issue, steps to reproduce, and any relevant context. We will acknowledge your report and keep you informed of progress.

This repository contains AI-agent skills (markdown) and plugin manifests (JSON) — it ships no server or runtime code. Reports about leaked credentials, sensitive data in repository content or history, or supply-chain concerns with the install paths (npx skills add, plugin marketplaces) are all in scope.