mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-10 05:04:56 +03:00
# Security Policy

## Supported Versions

All skill content in this repository is covered by this security policy.

| Component | Supported |
|-----------|-----------|
| Skill definitions (SKILL.md files) | Yes |
| Scripts and automation | Yes |
| Documentation | Yes |

## Reporting a Vulnerability

If you discover a security issue with any skill's scripts, instructions, or content, please report it responsibly:

1. **Do not** open a public issue
2. Use GitHub's private security advisory: [Report a vulnerability](https://github.com/mukul975/Anthropic-Cybersecurity-Skills/security/advisories/new)
3. Include in your report:
   - Affected skill name and file path
   - Nature of the vulnerability
   - Potential impact
   - Steps to reproduce (if applicable)
   - Suggested fix (if you have one)

## Response Timeline

- **Initial acknowledgment:** Within 48 hours
- **Assessment and triage:** Within 1 week
- **Fix or mitigation:** Based on severity, typically within 2 weeks

## Scope

The following are in scope for security reports:

- Skills that contain commands or scripts that could cause unintended harm
- Instructions that could lead to unauthorized access if followed incorrectly
- Sensitive data accidentally included in skill content
- Dependencies or external references that have become compromised

## Recognition

We credit responsible disclosures in our changelog. If you report a valid security issue, we will acknowledge your contribution unless you prefer to remain anonymous.

## Contact

For security matters that cannot be reported through GitHub's advisory system, reach out via the repository's discussion forum.