If you believe you found a security issue in SkillCodex (prompt injection in a skill, malicious instructions, or tooling that could exfiltrate data):

1. Do not open a public issue with exploit details.
2. Report via GitHub private vulnerability reporting if enabled, or open a minimal public issue asking for a private channel.
3. Include: affected skill slug, file path, steps to reproduce, and impact.

Response SLA (best effort, solo maintainer):

This repo is public. It must not contain secrets.

Do not commit

• API keys, tokens, passwords (.env, .env.*, .npmrc with auth, credential JSON, .netrc)
• Private keys and certs (.pem, .key, .p12, id_rsa, keystores)
• Build output under package/dist/ (generate with pnpm build; listed in .gitignore)
• Generated package copies under package/skills/ (regenerated by pnpm sync)

Safe to include

• Public GitHub and npm URLs
• Skill markdown and references

If you commit a secret by mistake, rotate it immediately and remove it from git history.

Skills are instructions, not sandboxed programs. Risks include prompt injection, unsafe workflows, and hallucinated tool use. SkillCodex mitigates with:

• Curated content and required ## Safety sections
• Frontmatter risk_level, tools_allowed, requires_user_approval
• pnpm validate - including Unicode tag and bidi scans
• PR workflow security-scan.yml on skills/** changes

Read:

• TRUST.md - ecosystem risks and controls
• references/skill-safety.md - author and consumer checklist

@skillcodex/skills ships compiled JS and SKILL.md copies. Install only from the official registry and verify version hashes in lockfiles for production pipelines.