Please do not open a public GitHub issue for security vulnerabilities.
Instead, report privately using GitHub's private vulnerability reporting ("Report a vulnerability" under the repository's Security tab), or contact the maintainers directly.
When reporting, please include:
- A description of the issue and its impact
- Steps to reproduce
- Affected skill(s) or file(s)
We will acknowledge your report as soon as possible and keep you informed of progress toward a fix.
These skills read all credentials (Slack tokens, Sentry tokens, GitHub auth) from
environment variables only. Never hardcode secrets into a SKILL.md, script, or
commit. If you discover a committed secret, treat it as compromised: rotate it
immediately and remove it from history before publishing.