Security: SuanFishXYY/suanfish-design-system

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in Suanfish Design System, please do not open a public issue.

Instead, report it privately via one of the following channels:

  1. Use GitHub's private vulnerability reporting
  2. Email the maintainers (see profile)

What to Include

  • A clear description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested mitigation (if any)

Response Timeline

We aim to:

  • Acknowledge your report within 3 business days
  • Provide an initial assessment within 7 business days
  • Release a fix or mitigation as soon as feasible

Scope

This skill is a collection of markdown instructions and references. The primary security concerns are:

  • Prompt injection within agent definitions
  • Misleading or dangerous instructions that could cause user-facing AI to behave unsafely
  • License or attribution issues

Code-execution vulnerabilities are out of scope (no executable code in this skill).

Acknowledgments

We will credit reporters in our release notes unless they prefer to remain anonymous.

There aren't any published security advisories