| Version | Supported |
|---|---|
| 2.x.x | ✅ |
| < 2.0 | ❌ |

If you discover a security vulnerability, please report it by opening a GitHub issue with the label `security`.
For sensitive issues, contact the maintainer directly.

When reporting, please include:

- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

Response timeline:

- Initial response: within 48 hours
- Status update: within 7 days
- Resolution target: within 30 days (depends on severity)

This project follows these security practices:

- No secrets in code - All sensitive data should be handled via environment variables
- Input validation - All user inputs are treated as untrusted data
- Dependency updates - Dependencies are regularly reviewed and updated

This security policy applies to the prompt-smith project and its official distributions.