Use this checklist before publishing any public note or sanitized write-up.
Before you publish, confirm all of the following:
- The source material is authorized for public release.
- The note uses the public-safe structure from templates/writeup_sanitized.md, or is brought close to that standard.
- Live identifiers are replaced with canonical placeholders from docs/placeholder-policy.md.
- Secrets, tokens, flags, session material, and nonessential sensitive evidence are removed or neutralized.
- The note preserves technical meaning and defensive value without publishing a full exploit chain.
- Front matter follows the taxonomy rules described in docs/taxonomy-closure.md.
- The note passes the required local validation checks.
- A final human review finds no names, IPs, URLs, hostnames, screenshots, attachments, or pasted output that should remain private.

```
python scripts/render_tags_doc.py --check
python scripts/check_placeholders.py <changed files>
python scripts/check_markdown.py
python -m pre_commit run --files <changed files>
```

Stop and resolve governance first if:
- you think a new placeholder is needed
- you are about to introduce a new taxonomy value
- the note still depends on private evidence to make sense
- the content only works as a step-by-step attack recipe
When that happens, use: