# Security Policy

## Supported Versions

All skill content in this repository is covered by this security policy.

| Component | Supported |
|-----------|-----------|
| Skill definitions (SKILL.md files) | Yes |
| Scripts and automation | Yes |
| Documentation | Yes |

## Reporting a Vulnerability

If you discover a security issue with any skill's scripts, instructions, or content, please report it responsibly:

1. **Do not** open a public issue
2. Use GitHub's private security advisory: [Report a vulnerability](https://github.com/mukul975/Anthropic-Cybersecurity-Skills/security/advisories/new)
3. Include in your report:
   - Affected skill name and file path
   - Nature of the vulnerability
   - Potential impact
   - Steps to reproduce (if applicable)
   - Suggested fix (if you have one)

## Response Timeline

- **Initial acknowledgment:** Within 48 hours
- **Assessment and triage:** Within 1 week
- **Fix or mitigation:** Based on severity, typically within 2 weeks

## Scope

The following are in scope for security reports:

- Skills that contain commands or scripts that could cause unintended harm
- Instructions that could lead to unauthorized access if followed incorrectly
- Sensitive data accidentally included in skill content
- Dependencies or external references that have become compromised

## Recognition

We credit responsible disclosures in our changelog. If you report a valid security issue, we will acknowledge your contribution unless you prefer to remain anonymous.

## Contact

For security matters that cannot be reported through GitHub's advisory system, reach out via the repository's discussion forum.