Skip to content

Security: cobibean/soul-grader-skill

Security

SECURITY.md

Security Policy

This repository should contain only public-safe Markdown, HTML, YAML, and helper script content.

Do not include

  • API keys, tokens, passwords, OAuth credentials, private keys, or connection strings
  • private transcripts, customer data, PHI, financial data, or raw logs
  • private hostnames, live IPs, credential locations, or deployment-only details
  • screenshots or artifacts that reveal secrets or private workspace state

Reporting a problem

If you find a secret, private-data leak, or unsafe example, please open a GitHub issue with the minimum necessary detail. Do not paste the secret itself into the issue. If the leak is sensitive, contact the maintainer privately first.

Local check

Run:

python3 scripts/validate_skill.py

The validator performs structural checks and a lightweight secret/private-term scan. It is not a replacement for human review.

There aren't any published security advisories