SECURITY.md
# Security Policy

## Supported Versions

All skill content in this repository is covered by this security policy.

| Component | Supported |
|-----------|-----------|
| Skill definitions (SKILL.md files) | Yes |
| Scripts and automation | Yes |
| Documentation | Yes |

## Reporting a Vulnerability

If you discover a security issue with any skill's scripts, instructions, or content, please report it responsibly:

1. **Do not** open a public issue
2. Use GitHub's private security advisory: [Report a vulnerability](https://github.com/mukul975/Anthropic-Cybersecurity-Skills/security/advisories/new)
3. Include in your report:
   - Affected skill name and file path
   - Nature of the vulnerability
   - Potential impact
   - Steps to reproduce (if applicable)
   - Suggested fix (if you have one)

## Response Timeline

- **Initial acknowledgment:** Within 48 hours
- **Assessment and triage:** Within 1 week
- **Fix or mitigation:** Based on severity, typically within 2 weeks

## Scope

The following are in scope for security reports:

- Skills that contain commands or scripts that could cause unintended harm
- Instructions that could lead to unauthorized access if followed incorrectly
- Sensitive data accidentally included in skill content
- Dependencies or external references that have become compromised

## Recognition

We credit responsible disclosures in our changelog. If you report a valid security issue, we will acknowledge your contribution unless you prefer to remain anonymous.

## Contact

For security matters that cannot be reported through GitHub's advisory system, reach out via the repository's discussion forum.