docs: add privacy and security policies
This commit is contained in:
Kieran Klaassen
29
SECURITY.md
Normal file
29
SECURITY.md
Normal file
@@ -0,0 +1,29 @@
|
||||
# Security Policy
|
||||
|
||||
## Supported Versions
|
||||
|
||||
Security fixes are applied to the latest version on `main`.
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
Please do not open a public issue for undisclosed vulnerabilities.
|
||||
|
||||
Instead, report privately by emailing:
|
||||
- `kieran@every.to`
|
||||
|
||||
Include:
|
||||
- A clear description of the issue
|
||||
- Reproduction steps or proof of concept
|
||||
- Impact assessment (what an attacker can do)
|
||||
- Any suggested mitigation
|
||||
|
||||
We will acknowledge receipt as soon as possible and work with you on validation, remediation, and coordinated disclosure timing.
|
||||
|
||||
## Scope Notes
|
||||
|
||||
This repository primarily contains plugin instructions/configuration plus a conversion/install CLI.
|
||||
|
||||
- Plugin instruction content itself does not run as a server process.
|
||||
- Security/privacy behavior also depends on the host AI tool and any external integrations you explicitly invoke.
|
||||
|
||||
For data-handling details, see [PRIVACY.md](PRIVACY.md).
|
||||
Reference in New Issue
Block a user