Please report security issues privately to the maintainers before public disclosure.

SkillBridge is designed not to copy real secrets into generated skills. It should replace secret-looking values with placeholders and document required setup instead.

Do not commit:

• .env files
• API keys
• OAuth tokens
• session cookies
• private keys
• credentialed service config

The MVP converter does not install dependencies, run package managers, or execute network/auth/browser/MCP/paid-service workflows during conversion tests.