If you discover a security vulnerability in this repository, please report it responsibly.
Do not open a public issue for security vulnerabilities.
- GitHub: Use private vulnerability reporting
- GitLab: Open a confidential issue
This repository distributes AI coding plugins (skills and agents) as Markdown and JSON files. Security concerns may include:
- Skills that instruct the AI to disable permissions or skip verification
- Bundled scripts with injection risks or unsafe command patterns
- Exposure of secrets, tokens, or credentials in skill definitions
See GOVERNANCE.md for the review layers that every contribution passes through before it can affect a user's system.
Only the latest version on the main branch is supported.