If you discover a security vulnerability in Suanfish Design System, please do not open a public issue.
Instead, report it privately via one of the following channels:
- Use GitHub's private vulnerability reporting
- Email the maintainers (see profile)
Please include the following in your report:
- A clear description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested mitigation (if any)
We aim to:
- Acknowledge your report within 3 business days
- Provide an initial assessment within 7 business days
- Release a fix or mitigation as soon as feasible
This skill is a collection of markdown instructions and references. The primary security concerns are:
- Prompt injection within agent definitions
- Misleading or dangerous instructions that could cause user-facing AI to behave unsafely
- License or attribution issues
Code-execution vulnerabilities are out of scope (no executable code in this skill).
We will credit reporters in our release notes unless they prefer to remain anonymous.