If you discover a security vulnerability in this project (the skills themselves, not in targets you're testing), please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
- Email: info@orizon.one
- Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment within 48 hours
- Status update within 7 days
- We will work with you to understand and resolve the issue before any public disclosure
This security policy covers vulnerabilities in:
- The Python scripts included in this repository
- The SKILL.md configurations
- Any infrastructure directly operated by this project
This policy does not cover:
- Vulnerabilities found in third-party targets using these tools (report those to the target's security team)
- Issues with third-party dependencies (Go tools, system utilities)
These tools are designed for authorized security testing. If you encounter situations where the tools behave unexpectedly or could cause unintended harm, please report it so we can add appropriate safeguards.