| Version | Supported |
|---|---|
| 2.2.x | Yes |
| < 2.2 | No |
Report security issues privately — do not open a public GitHub issue for vulnerabilities.
- Use GitHub Security Advisories for this repository, or
- Contact the maintainer via the email listed on the GitHub profile.
Please include:
- A clear description of the issue and affected components (plugin, MCP server, CLI, hooks)
- Steps to reproduce
- Impact assessment (data exposure, privilege escalation, remote code execution, etc.)
Do not attach secrets in reports or public issues:
- API keys, tokens, passwords, or
.envcontents - Private keys (
.pem,id_rsa, etc.) - Customer or project analysis data from
projects/ - Local keystore or encrypted credential files
This repository ships agent instructions, hooks, skills, and the babok-mcp MCP
server. Runtime behavior depends on your host agent (Codex, Claude Code, Cursor,
Copilot) and its sandbox settings. Follow your organization's policies for
LLM tooling and data handling.
- Initial acknowledgment within 7 business days
- Status update within 30 days for confirmed issues
- Coordinated disclosure preferred; we will credit reporters unless anonymity is requested