Only the latest released version receives security fixes. Check CHANGELOG.md for the current version.
Do not open a public issue for security vulnerabilities.
Instead, report privately via one of these channels:
- GitHub Security Advisories (preferred): Report a vulnerability
- Email: infomakersia gmail com with subject
[SECURITY] crystools-skills: <short description>
Please include:
- A description of the issue and its impact.
- Steps to reproduce (minimal proof of concept if possible).
- The affected skill(s) and version.
- Your suggested remediation, if any.
- Acknowledgement: within 72 hours.
- Initial assessment: within 7 days.
- Fix or mitigation: target within 30 days, depending on severity and complexity.
This policy covers the skills shipped in this repository and the packaging around them. It does not cover:
- The Claude Code CLI or the Anthropic API itself — report those to their respective vendors.
- Third-party tools invoked by skills — report upstream.
Once a fix is available, we publish a GitHub Security Advisory crediting the reporter (unless anonymity is requested).