If you discover a security vulnerability in AlterLab FC Skills, please report it responsibly.

Report: Report security issues by opening a private security advisory on this repository.

Please include:

• Description of the vulnerability
• Steps to reproduce
• Affected skill(s) and file path(s)
• Potential impact assessment

• Acknowledgment: Within 48 hours
• Assessment: Within 5 business days
• Fix/Mitigation: Based on severity

Security concerns for this project include:

• Prompt injection: Skills that could be manipulated to execute unintended actions
• Data exfiltration: Skills that could leak sensitive information
• Path traversal: Skills with hardcoded or manipulable file paths
• Credential exposure: Skills that might expose API keys or tokens

All pull requests that modify skills are scanned for potential security issues. We recommend:

• Never hardcode file paths, API keys, or credentials in skills
• Use environment variables for sensitive configuration
• Validate all external input referenced in skill instructions
• Follow the principle of least privilege for allowed tools metadata