add SKILL
This commit is contained in:
olekhondera
36
SECURITY.md
Normal file
36
SECURITY.md
Normal file
@@ -0,0 +1,36 @@
|
||||
# Security Policy
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
If you discover a security vulnerability in this project, please report it responsibly.
|
||||
|
||||
**Do not open a public issue.** Instead:
|
||||
|
||||
1. Email: **[your-security-email@example.com]** (replace with your contact)
|
||||
2. Or use [GitHub private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability) if enabled on this repository.
|
||||
|
||||
### What to include
|
||||
|
||||
- Description of the vulnerability
|
||||
- Steps to reproduce
|
||||
- Potential impact
|
||||
- Suggested fix (if any)
|
||||
|
||||
### Response timeline
|
||||
|
||||
- **Acknowledgment:** within 48 hours
|
||||
- **Assessment:** within 7 days
|
||||
- **Fix or mitigation:** depends on severity
|
||||
|
||||
## Security Practices
|
||||
|
||||
This project follows security best practices documented in:
|
||||
|
||||
- `docs/backend/security.md` — authentication, authorization, audit logging
|
||||
- `docs/llm/safety.md` — LLM safety, prompt injection defense, privacy
|
||||
- `RULES.md` — repository-wide security constraints
|
||||
- `agents/security-auditor.md` — security review agent profile
|
||||
|
||||
## Scope
|
||||
|
||||
This policy applies to the codebase in this repository. Third-party dependencies are managed separately.
|
||||
Reference in New Issue
Block a user