- Remove all .github references (removed in 6c644dd but docs still referenced)
- Rewrite review-pr skill to use Gitea API instead of gh CLI
- Add gitea-pr.sh helper for Gitea API calls (view/diff/files/comments)
- Update project structure tree: add scripts/, .woodpecker.yml, ci-cd.md,
status-update-checklist.md, commit-docs-reminder.sh, RESEARCH-SDD-TOOLS.md
- Fix skills count 14 → 15 (add create-skill to DOCS.md)
- Remove .github references from CONTRIBUTING.md, SECURITY.md, init-project
- Add GITEA_TOKEN to .env.example
- Update CI/CD placeholder in RECOMMENDATIONS.md to Woodpecker
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Security Policy
Reporting a Vulnerability
If you discover a security vulnerability in this project, please report it responsibly.
Do not open a public issue. Instead:
- Email: [your-security-email@example.com] (replace with your contact)
What to include
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
Response timeline
- Acknowledgment: within 48 hours
- Assessment: within 7 days
- Fix or mitigation: depends on severity
Security Practices
This project follows security best practices documented in:
- docs/backend/security.md — authentication, authorization, audit logging
- docs/llm/safety.md — LLM safety, prompt injection defense, privacy
- RULES.md — repository-wide security constraints
- agents/security-auditor.md — security review agent profile
Scope
This policy applies to the codebase in this repository. Third-party dependencies are managed separately.