Skip to content

Security: warpdotdev/client-release-agent-oss

SECURITY.md

Security Policy

Reporting a vulnerability

Please do not open a public GitHub issue for security vulnerabilities.

Instead, report privately using GitHub's private vulnerability reporting ("Report a vulnerability" under the repository's Security tab), or contact the maintainers directly.

When reporting, please include:

  • A description of the issue and its impact
  • Steps to reproduce
  • Affected skill(s) or file(s)

We will acknowledge your report as soon as possible and keep you informed of progress toward a fix.

Handling secrets

These skills read all credentials (Slack tokens, Sentry tokens, GitHub auth) from environment variables only. Never hardcode secrets into a SKILL.md, script, or commit. If you discover a committed secret, treat it as compromised: rotate it immediately and remove it from history before publishing.

There aren't any published security advisories