We take security seriously, especially for a privacy-focused repository.
Report vulnerabilities through GitHub Security Advisories, which keeps the report private until a fix is published.
If you cannot use Security Advisories, email security@privacy-skills.dev with the subject line: [SECURITY] Brief description.
| Stage | Target |
|---|---|
| Acknowledgment | 48 hours |
| Initial assessment | 7 days |
| Resolution target | 30 days |
| Responsible disclosure | 90 days |
The following are in scope for security reports:
- Inaccurate regulatory citations that could lead to compliance failures
- Vulnerabilities in the Python scripts (scripts/process.py files)
- CI/CD pipeline security issues
- Repository infrastructure vulnerabilities
- Sensitive data exposure in skill templates
The following are out of scope, since they are not defects in this repository:
- The privacy regulations themselves
- Third-party tools or platforms referenced in skills
- Theoretical disagreements over regulatory interpretation
We follow a 90-day responsible disclosure timeline. If a fix requires more time, we will negotiate an extended timeline with the reporter.
Security researchers who responsibly disclose vulnerabilities will be credited in CHANGELOG.md and in the relevant GitHub Security Advisory.
- GitHub Security Advisories: use the Security tab of this repository
- Email: security@privacy-skills.dev
- Maintainer: Mahipal