This repository contains documentation and Claude Code plugin skills — no executable code. All versions receive updates.
If you discover a security issue (e.g. a skill workflow that could be used for prompt injection, a rule that introduces a vulnerability into projects, or sensitive data accidentally committed):
- Do not open a public issue.
- Report privately via GitHub Security Advisories.
- Include: what you found, which file/skill, potential impact.
You will receive a response within 7 days.
- Skill workflows that give insecure advice (e.g. recommending weak crypto, bypassing auth)
- Rules in
claude/orreference/that would introduce OWASP Top 10 vulnerabilities into projects - Any accidentally committed credentials or personal data
Out of scope: general disagreements with best-practice recommendations (open an issue instead).