Security: TechIntegrationLabs/brain-skill-bundle

SECURITY.md

Security Policy

Reporting a vulnerability

brain-skill-bundle is a file format spec + reference parser. The relevant security surfaces are:

  • Signature verification — the optional signature block in v0.1 is parsed but not verified by the reference parser yet. If you find a way to forge or bypass signatures in a future signing-enabled implementation, please report privately.
  • Audience scoping — the audience runtime guard is a security primitive. If you find a way to load an internal-audience skill into a client_safe session through the reference parser's API, please report privately.
  • Tenant scoping — isTenantMatch is a security primitive. Bypasses are reportable.
  • Parser DoS / injection — pathological input that crashes the parser or causes resource exhaustion is reportable.

How to report

Email will@bizbrain-os.com with:

  • A description of the vulnerability
  • A minimal reproduction (a .skill.md file or code snippet)
  • Your assessment of impact

Please do not file public issues for security reports until a fix is in place.

What's NOT in scope

  • The skill's body content — markdown injection in the body is the runtime's responsibility, not the parser's
  • LLM-side prompt injection from skill content — also a runtime concern
  • Source-system access (Gmail, Slack, Drive credentials) — out of scope; this spec only describes pointers, not credentials

Response timeline

  • Acknowledgment within 48 hours
  • Triage within 7 days
  • Fix or mitigation plan within 30 days for confirmed issues

There aren’t any published security advisories