We track the main branch.
DO NOT open a public Issue for security exploits.
If you find a security vulnerability (for example, a skill that bypasses the "Authorized Use Only" check or executes malicious code without warning):
- Open a GitHub Private Advisory on this repository so the report stays private during triage.
- Include the affected path, reproduction steps, impact, and any suggested mitigation if you have one.
We aim to acknowledge security reports within 72 hours.
Please read our Security Guardrails. All offensive skills are strictly for authorized educational and professional use only.